CVE-2022-3740

MEDIUM Year: 2022
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys .

Related Vulnerabilities

CVE-2017-2632

MEDIUM
CVSS:4.9(Medium)

A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. ...

CWE-2852017

CVE-2023-32482

MEDIUM
CVSS:4.9(Medium)

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.

CWE-2852023

CVE-2024-21137

MEDIUM
CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabilit...

CWE-2852024

CVE-2024-21159

MEDIUM
CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows hi...

CWE-2852024

CVE-2024-21179

MEDIUM
CVSS:4.9(Medium)

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows hi...

CWE-2852024

CVE-2025-27602

MEDIUM
CVSS:4.9(Medium)

Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's pos...

CWE-2852025