CVE-2024-12570

MEDIUM Year: 2024
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-270
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.

Related Vulnerabilities

CVE-2020-7019

MEDIUM
CVSS:6.5(Medium)

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recentl...

CWE-2702020

CVE-2017-2663

HIGH
CVSS:7.8(High)

It was found that subscription-manager's DBus interface before 1.19.4 let unprivileged user access the com.redhat.RHSM1.Facts.GetFacts and com.redhat.RHSM1.Config.Set methods. An unprivileged local at...

CWE-2702017

CVE-2021-3493

HIGH
CVSS:7.8(High)

The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combinatio...

CWE-2702021

CVE-2024-37294

MEDIUM
CVSS:5.5(Medium)

Aimeos is an Open Source e-commerce framework for online shops. All SaaS and marketplace setups using Aimeos version from 2022/2023/2024 are affected by a potential denial of service attack. Users sho...

CWE-2702024

CVE-2024-46975

HIGH
CVSS:7.9(High)

Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory.

CWE-2702024

CVE-2024-47173

MEDIUM
CVSS:5.5(Medium)

Aimeos is an e-commerce framework. All SaaS and marketplace setups using the Aimeos GraphQL API admin interface version from 2024.04 up to 2024.07.1 are affected by a potential denial of service attac...

CWE-2702024