3 matches found
CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users
Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...
The vulnerability of SCIM (System of Cross-domain Identity Management) function of the Git-based software platform for collaborative code development on GitLab arises from the ability to invite arbitrary users through their user names and email addresses. This allows a malicious actor to gain control over user accounts by modifying their email addresses.
The vulnerability of SCIM System of Cross-domain Identity Management in the Git-based software platform for collaborative code development on GitLab relates to the ability to invite arbitrary users through their user names and email addresses. Exploiting this vulnerability could allow a malicious...
GitLab 访问控制错误漏洞
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. An Access Control Error vulnerability exists in GitLab Community Edition and GitLab...