6.4
CVE-2022-31669 - Harbor fails to validate the user permissions when updating tag immutability policies
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies co…
7.7
CVE-2022-31670 - Harbor fails to validate the user permissions when updating tag retention policies
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured …
7.4
CVE-2022-31671 - Harbor fails to validate the user permissions when reading and updating job execution logs through …
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs sto…
7.7
CVE-2022-31666 - Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
5.4
CVE-2024-8180 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.
8.5
CVE-2024-9693 - Incorrect Authorization in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.
9.8
CVE-2024-10571 - Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution …
7.5
CVE-2024-47916 - Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Travers…
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
7.5
CVE-2024-47915 - VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
4.5
CVE-2024-47914 - VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)