5 matches found
CVE-2026-58370
Woodpecker
CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name
Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list against pipeline.Author. For the GitLab forge driver, pipeline.Author is populated from the git commit author name commit.author.name carried in the webhook payload, which is attacker-controlled and not verified by GitLab. A us...
PT-2026-6930
Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an insecure direct object reference IDOR in the card comment creation API. The API endpoint accepts an authorId from the request body, which allows an authenticated user to spoof the...
EUVD-2025-199884
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain...
UBUNTU-CVE-2015-0251
The moddavsvn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences...