CVE-2024-6446

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-840
View all →

Vulnerability Description

An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.

Related Vulnerabilities

CVE-2022-3363

LOW
CVSS:2.8(Low)

Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.

CWE-8402022

CVE-2018-25104

MEDIUM
CVSS:4.3(Medium)

A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/fr...

CWE-8402018

CVE-2020-8181

MEDIUM
CVSS:4.3(Medium)

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.

CWE-8402020

CVE-2021-4146

MEDIUM
CVSS:4.3(Medium)

Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.

CWE-8402021

CVE-2022-0746

MEDIUM
CVSS:4.3(Medium)

Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.

CWE-8402022

CVE-2023-29294

MEDIUM
CVSS:4.3(Medium)

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A l...

CWE-8402023