CVE-2021-39870

Опубликовано: 05 окт. 2021

Источник: debian

EPSS Низкий

Описание

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	fixed	15.10.8+ds1-2		package

EPSS

Процентиль: 31%

0.00123

Низкий

Связанные уязвимости

CVE-2021-39870

CVSS3: 4.3

ubuntu

больше 4 лет назад

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.

CVE-2021-39870

CVSS3: 4.3

nvd

больше 4 лет назад

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.

GHSA-m6pw-2x85-c738

github

почти 4 года назад

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call.

EPSS

Процентиль: 31%

0.00123

Низкий