CVE-2022-3726 - How GitLab’s Missing OpenAPI Sandboxing Put Users at Risk
Published: June 2024
Severity: Medium/High
Affected Products: GitLab CE/EE
Vulnerable Versions:
Summary
In late 2022, a significant vulnerability, CVE-2022-3726, was disclosed in GitLab
CVE-2022-44551 The iaware module has a vulnerability in thread security
This issue arises because the thread_id in the password settings is not verified before it is used, which can allow an attacker to gain root privileges.
CVE-2022-43031 DedeCMS v6.1.9 has a CSRF flaw that allows attackers to add administrator accounts and modify admin passwords.
This vulnerability occurs due to the presence of an untrusted data source when a user with the ‘Administrator’ account type tries to log in to the
CVE-2022-43488 - CSRF in Advanced Dynamic Pricing for WooCommerce <= 4.1.5 Allows Unauthorized Pricing Rules Migration
In October 2022, a security vulnerability (CVE-2022-43488) was disclosed for the Advanced Dynamic Pricing for WooCommerce WordPress plugin, affecting versions up to and including 4.1.5.
CVE-2022-40632 gVectors Team wpForo Forum plugin <= 2.0.5 vulnerable to CSRF leading to topic deletion.
A malicious user with access to the admin settings of the site can perform a CSRF attack to delete any topic on the site. WordPress 4.
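The three CSRF entries above (DedeCMS account creation, WooCommerce pricing-rule migration, wpForo topic deletion) share one root cause: a state-changing request is authorised by the session cookie alone, which the victim's browser attaches to any cross-site form post. The following is an added illustration, not code from wpForo, DedeCMS or any project listed on this page. It models a "delete topic" endpoint twice: once trusting only the cookie, once additionally requiring a per-session, per-action token that an attacker's page cannot read. The forum store, sessions, request objects and the server secret are all constructed here; the token scheme is an HMAC analogy to a WordPress nonce, not WordPress's own (time-windowed) format.

```python
"""CSRF on a state-changing 'delete topic' endpoint: a vulnerable handler
beside a hardened one that requires a per-session, per-action token.

Added illustration only; not code from wpForo, DedeCMS or any listed project.
The store, sessions, requests and secret below are constructed for the demo.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed: in a real deployment this comes from configuration, not code.
SERVER_SECRET = secrets.token_bytes(32)


@dataclass
class Request:
    method: str
    cookies: dict   # what the browser attaches automatically, even cross-site
    form: dict      # what the submitting page controls


@dataclass
class Forum:
    topics: dict = field(default_factory=lambda: {1: "Welcome", 2: "Rules"})
    sessions: dict = field(default_factory=dict)  # session id -> user record


def login(forum: Forum, user: dict) -> str:
    """Create a session and return the cookie value the browser will store."""
    sid = secrets.token_hex(16)
    forum.sessions[sid] = user
    return sid


def action_token(sid: str, action: str) -> str:
    """Token bound to this session and this action (HMAC analogy to a nonce).
    Only pages served by the forum can embed it; attacker.example cannot."""
    msg = f"{sid}:{action}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def delete_topic_vulnerable(forum: Forum, req: Request) -> int:
    """Authorises on the session cookie alone: a forged cross-site POST that
    the victim's browser sends with their cookie attached deletes the topic."""
    user = forum.sessions.get(req.cookies.get("sid"))
    if req.method != "POST" or user is None or user["role"] != "admin":
        return 403
    forum.topics.pop(int(req.form["topic"]), None)
    return 200


def delete_topic_hardened(forum: Forum, req: Request) -> int:
    """Same checks plus a constant-time comparison of the action token."""
    sid = req.cookies.get("sid")
    user = forum.sessions.get(sid)
    if req.method != "POST" or user is None or user["role"] != "admin":
        return 403
    supplied = req.form.get("_token", "")
    if not hmac.compare_digest(supplied, action_token(sid, "delete_topic")):
        return 403
    forum.topics.pop(int(req.form["topic"]), None)
    return 200


def forged_request(sid: str) -> Request:
    """What a logged-in admin's browser sends after visiting attacker.example:
    an auto-submitted form carrying the cookie but no token (constructed)."""
    return Request("POST", {"sid": sid}, {"topic": "1"})


def legit_request(sid: str) -> Request:
    """A form rendered by the forum itself, which can embed the token."""
    return Request("POST", {"sid": sid},
                   {"topic": "1", "_token": action_token(sid, "delete_topic")})


def demo() -> dict:
    """Returns (status, topic 1 still present) for each scenario."""
    results = {}
    forum = Forum()
    sid = login(forum, {"name": "alice", "role": "admin"})
    results["vuln_forged"] = (delete_topic_vulnerable(forum, forged_request(sid)),
                              1 in forum.topics)
    forum = Forum()
    sid = login(forum, {"name": "alice", "role": "admin"})
    results["hard_forged"] = (delete_topic_hardened(forum, forged_request(sid)),
                              1 in forum.topics)
    results["hard_legit"] = (delete_topic_hardened(forum, legit_request(sid)),
                             1 in forum.topics)
    return results


if __name__ == "__main__":
    for name, (status, present) in demo().items():
        print(f"{name}: HTTP {status}, topic 1 present: {present}")
```

The forged request succeeds against the vulnerable handler and is rejected by the hardened one, while the forum's own form still works. The same pattern applies to the account-creation and settings-migration cases above; a SameSite cookie attribute or an Origin header check is a worthwhile second layer, but neither replaces a per-action token on every state-changing request.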