Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-26056

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-02 Mar, 2023 | 18:44
Updated At-05 Mar, 2025 | 20:40
Rejected At-
Credits

XWiki Platform allows macro execution as any user without programming rights through the context macro

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:02 Mar, 2023 | 18:44
Updated At:05 Mar, 2025 | 20:40
Rejected At:
▼CVE Numbering Authority (CNA)
XWiki Platform allows macro execution as any user without programming rights through the context macro

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

Affected Products
Vendor
XWiki SASxwiki
Product
xwiki-platform
Versions
Affected
  • >= 3.0-milestone-1, < 13.10.10
  • >= 14.0-rc-1, < 14.4.5
  • >= 14.5, < 14.8-rc-1
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863: Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w
x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6
x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b
x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894
x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19856
x_refsource_MISC
Hyperlink: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6
Resource:
x_refsource_MISC
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b
Resource:
x_refsource_MISC
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894
Resource:
x_refsource_MISC
Hyperlink: https://jira.xwiki.org/browse/XWIKI-19856
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w
x_refsource_CONFIRM
x_transferred
https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6
x_refsource_MISC
x_transferred
https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b
x_refsource_MISC
x_transferred
https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894
x_refsource_MISC
x_transferred
https://jira.xwiki.org/browse/XWIKI-19856
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://jira.xwiki.org/browse/XWIKI-19856
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:02 Mar, 2023 | 19:15
Updated At:13 Mar, 2023 | 16:15

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CPE Matches
XWiki SAS
xwiki
>>xwiki>>Versions from 3.1(inclusive) to 13.10.10(exclusive)
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>Versions from 14.0(inclusive) to 14.4.5(exclusive)
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>Versions from 14.5(inclusive) to 14.8(exclusive)
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>3.0
cpe:2.3:a:xwiki:xwiki:3.0:milestone1:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>3.0
cpe:2.3:a:xwiki:xwiki:3.0:milestone2:*:*:*:*:*:*
XWiki SAS
xwiki
>>xwiki>>3.0
cpe:2.3:a:xwiki:xwiki:3.0:milestone3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE-863Secondarysecurity-advisories@github.com
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6security-advisories@github.com
Patch
https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3bsecurity-advisories@github.com
Patch
https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894security-advisories@github.com
Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2wsecurity-advisories@github.com
Exploit
Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-19856security-advisories@github.com
Exploit
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory
Hyperlink: https://jira.xwiki.org/browse/XWIKI-19856
Source: security-advisories@github.com
Resource:
Exploit
Issue Tracking
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2022-0825
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.38%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 15:35
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.

Action-Not Available
Vendor-tms-outsourceUnknown
Product-ameliaAmelia – Events & Appointments Booking Calendar
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-0720
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 32.68%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 17:23
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.

Action-Not Available
Vendor-tms-outsourceUnknown
Product-ameliaAmelia – Events & Appointments Booking Calendar
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-0727
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 36.45%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 13:20
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in chocobozzz/peertube

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.

Action-Not Available
Vendor-framasoftchocobozzz
Product-peertubechocobozzz/peertube
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-3586
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.16% / 37.43%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 15:25
Updated-22 Oct, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Disabling publicly-shared boards does not disable existing publicly available board links

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermost_serverMattermost
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-34197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 27.63%
||
7 Day CHG~0.00%
Published-07 Jul, 2023 | 00:00
Updated-13 Nov, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusmanageengine_supportcenter_plusmanageengine_servicedesk_plus_mspn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-30955
Matching Score-4
Assigner-Palantir Technologies
ShareView Details
Matching Score-4
Assigner-Palantir Technologies
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.74%
||
7 Day CHG~0.00%
Published-29 Jun, 2023 | 18:46
Updated-28 Oct, 2024 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foundry workspace-server Developer Mode Authorization Bypass

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0.

Action-Not Available
Vendor-palantirPalantir
Product-foundry_workspace-servercom.palantir.workspace:workspace
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-52584
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.07% / 22.77%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 20:43
Updated-21 Jan, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autolab has vulnerable submission endpoints

Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available.

Action-Not Available
Vendor-autolabprojectautolab
Product-autolabAutolab
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-50419
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.18% / 39.82%
||
7 Day CHG+0.03%
Published-30 Oct, 2024 | 15:01
Updated-28 May, 2025 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Greenshift plugin <= 9.7 - Broken Access Control vulnerability

Incorrect Authorization vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.7.

Action-Not Available
Vendor-greenshiftwpWpsoul
Product-greenshift_-_animation_and_page_builder_blocksGreenshift – animation and page builder blocks
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-31554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.71%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 02:29
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-31552
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.11% / 29.82%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 02:29
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account (and not the user account itself). Such rules could also be used by a nefarious, unprivileged user to catalog and enumerate any number of IP addresses related to these account creations.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-27225
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 33.50%
||
7 Day CHG~0.00%
Published-01 Mar, 2021 | 00:24
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access.

Action-Not Available
Vendor-dataikun/a
Product-data_science_studion/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-28098
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.4||MEDIUM
EPSS-0.17% / 39.04%
||
7 Day CHG~0.00%
Published-12 Mar, 2024 | 18:15
Updated-13 Feb, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Pulsar: Improper Authorization For Topic-Level Policy Management

The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-pulsarApache Pulsar
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-24842
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.55%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 08:25
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bulk Datetime Change < 1.12 - Missing Authorisation

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.

Action-Not Available
Vendor-bulk_datetime_change_projectUnknown
Product-bulk_datetime_changeBulk Datetime Change
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-22256
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.23%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 18:30
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • Next
Details not found