Description
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
References
- Vendor Advisory
- Exploit, Issue Tracking, Patch, Vendor Advisory
- Vendor Advisory
- Exploit, Issue Tracking, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: version from 10.7.0 (inclusive) to 10.7.6 (exclusive)
One of:
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
- Score: 0.00064
- Percentile: 20%
- Rating: Low
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
- CWE-79
Related vulnerabilities
- ubuntu, CVSS3: 5.4, almost 7 years ago
  An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
- debian, CVSS3: 5.4, almost 7 years ago
  An issue was discovered in GitLab Community Edition and Enterprise Edi ...
- github, CVSS3: 5.4, about 3 years ago
  An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.