5 matches found
BIT-GITLAB-2026-5309 Authorization Bypass Through User-Controlled Key in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...
OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure
Summary OpenClaw's outbound host-media attachment read helper could enable host-local file reads based on global or agent-level read access without also honoring sender and group-scoped tool policy. In channel deployments that used toolsBySender or group policy to deny read for less-trusted...
GHSA-JHPV-5J76-M56H OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure
Summary OpenClaw's outbound host-media attachment read helper could enable host-local file reads based on global or agent-level read access without also honoring sender and group-scoped tool policy. In channel deployments that used toolsBySender or group policy to deny read for less-trusted...
EUVD-2022-55218
Malicious code in bioql PyPI...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 16.2 through before 17.7.6, 17.8 through before 17.8.4, and 17.9 through before 17.9.1, which stems from the ability of a Guest user ...