CVE-2024-6678

CVSS v3 Score: 8.8 (High)

Vulnerability Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.

CVSS: 8.8 (High)

A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.

CVSS: 8.8 (High)

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, i...

CVSS: 8.8 (High)

When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new dev...

CVSS: 8.8 (High)

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabli...

CVSS: 8.8 (High)

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.