Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-4006

Опубликовано: 25 апр. 2024
Источник: debian

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gitlabfixed17.3.5-2package

Связанные уязвимости

ubuntu логотип

CVE-2024-4006

CVSS3: 4.3
ubuntu
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions

nvd логотип

CVE-2024-4006

CVSS3: 4.3
nvd
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions

github логотип

GHSA-vjph-qj4m-f5g8

CVSS3: 4.3
github
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1 where personal access scopes were not honored by GraphQL subscriptions

fstec логотип

BDU:2024-05692

CVSS3: 4.3
fstec
почти 2 года назад

Уязвимость компонента GraphQL Subscription Handler программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю получить несанкционированный доступ к конфиденциальной информации