CVE-2024-4278

LOW Year: 2024
CVSS v3 Score
2.7
Low
Weakness Type
CWE-821
View all →

Vulnerability Description

An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.

Related Vulnerabilities

CVE-2024-58131

LOW
CVSS:3.7(Low)

FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time valu...

CWE-8212024

CVE-2024-58132

MEDIUM
CVSS:4.0(Medium)

In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration can cause other normal nodes to perform concurrent read and write operations on a map, leading to a pa...

CWE-8212024

CVE-2024-58133

MEDIUM
CVSS:4.0(Medium)

In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating o...

CWE-8212024

CVE-2022-1931

CRITICAL
CVSS:9.1(Critical)

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.

CWE-8212022

CVE-2024-7043

HIGH
CVSS:8.1(High)

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowi...

CWE-8212024

CVE-2024-1739

HIGH
CVSS:7.5(High)

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insen...

CWE-8212024