CVE-2023-4018

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-425
View all →

Vulnerability Description

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects.

Related Vulnerabilities

CVE-2004-2257

MEDIUM
CVSS:5.3(Medium)

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

CWE-4252004

CVE-2005-1688

MEDIUM
CVSS:5.3(Medium)

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in ...

CWE-4252005

CVE-2016-1000111

MEDIUM
CVSS:5.3(Medium)

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PRO...

CWE-4252016

CVE-2017-2139

MEDIUM
CVSS:5.3(Medium)

CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction ...

CWE-4252017

CVE-2017-2143

MEDIUM
CVSS:5.3(Medium)

CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a cu...

CWE-4252017

CVE-2019-13981

MEDIUM
CVSS:5.3(Medium)

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which ...

CWE-4252019