CVE-2024-8311

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-424
View all →

Vulnerability Description

An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.

Related Vulnerabilities

CVE-2022-1742

MEDIUM
CVSS:6.8(Medium)

The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this...

CWE-4242022

CVE-2024-3460

HIGH
CVSS:7.0(High)

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occur...

CWE-4242024

CVE-2023-0629

HIGH
CVSS:7.1(High)

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux...

CWE-4242023

CVE-2019-18997

HIGH
CVSS:7.5(High)

The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier pot...

CWE-4242019

CVE-2021-3793

MEDIUM
CVSS:5.3(Medium)

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access adminis...

CWE-4242021

CVE-2019-18996

HIGH
CVSS:7.8(High)

Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the loc...

CWE-4242019