Описание
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gitlab | fixed | 13.7.8+ds1-1 | experimental | package |
| gitlab | fixed | 15.10.8+ds1-2 | package |
Примечания
https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/
EPSS
Процентиль: 38%
0.0017
Низкий
Связанные уязвимости
CVSS3: 4.9
ubuntu
почти 5 лет назад
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
CVSS3: 4.9
nvd
почти 5 лет назад
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
github
больше 3 лет назад
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group owners
EPSS
Процентиль: 38%
0.0017
Низкий