Skip to main content

CWE-1280

Access Control Check Implemented After Asset is Accessed

1 CVEs Avg CVSS 4.3 MITRE
0
CRITICAL
0
HIGH
1
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-3607 MEDIUM PATCH This Month

Package protection rule bypass in GitLab CE/EE allows authenticated users holding developer-role permissions to circumvent registry protections that should restrict their write or publish actions. Affecting all GitLab Community and Enterprise Edition instances running versions 18.3 through 18.9.6, 18.10 through 18.10.5, and 18.11 through 18.11.2, an attacker with a legitimately provisioned developer account can undermine the integrity controls placed on protected packages. No public exploit code exists and no active exploitation has been identified at time of analysis; the EPSS score of 0.01% (1st percentile) and SSVC exploitation rating of 'none' confirm this is a low-urgency finding.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Package protection rule bypass in GitLab CE/EE allows authenticated users holding developer-role permissions to circumvent registry protections that should restrict their write or publish actions. Affecting all GitLab Community and Enterprise Edition instances running versions 18.3 through 18.9.6, 18.10 through 18.10.5, and 18.11 through 18.11.2, an attacker with a legitimately provisioned developer account can undermine the integrity controls placed on protected packages. No public exploit code exists and no active exploitation has been identified at time of analysis; the EPSS score of 0.01% (1st percentile) and SSVC exploitation rating of 'none' confirm this is a low-urgency finding.

Authentication Bypass Gitlab
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy