CVE-2024-0861

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-425
View all →

Vulnerability Description

An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.

Related Vulnerabilities

CVE-2018-11346

MEDIUM
CVSS:4.3(Medium)

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitraril...

CWE-4252018

CVE-2018-19620

MEDIUM
CVSS:4.3(Medium)

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

CWE-4252018

CVE-2019-1220

MEDIUM
CVSS:4.3(Medium)

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerab...

CWE-4252019

CVE-2019-16386

MEDIUM
CVSS:4.3(Medium)

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database...

CWE-4252019

CVE-2019-16388

MEDIUM
CVSS:4.3(Medium)

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NO...

CWE-4252019

CVE-2021-22180

MEDIUM
CVSS:4.3(Medium)

An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages.

CWE-4252021