CVE-2023-31485

Опубликовано: 29 апр. 2023

Источник: debian

EPSS Низкий

Описание

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

Пакет	Статус	Версия исправления	Релиз	Тип
libgitlab-api-v4-perl	fixed	0.27-1		package
libgitlab-api-v4-perl	no-dsa		bookworm	package
libgitlab-api-v4-perl	no-dsa		bullseye	package
libgitlab-api-v4-perl	no-dsa		buster	package

https://github.com/bluefeet/GitLab-API-v4/pull/57
https://github.com/bluefeet/GitLab-API-v4/commit/02a2862cba323fe37e10afba8183d14847866fd2 (0.27)

EPSS

Процентиль: 33%

0.00125

Низкий

CVE-2023-31485

CVSS3: 5.9

ubuntu

почти 3 года назад

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

CVE-2023-31485

CVSS3: 5.9

nvd

почти 3 года назад

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

GHSA-c2v8-3552-rp4m

CVSS3: 5.9

github

почти 3 года назад

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

EPSS

Процентиль: 33%

0.00125

Низкий