CVE-2018-17451

Опубликовано: 15 апр. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands.

Ссылки

https://about.gitlab.com/blog/categories/releases/
Release Notes
https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/blog/categories/releases/
Release Notes
https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия до 11.1.7 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия до 11.1.7 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.2.0 (включая) до 11.2.4 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.2.0 (включая) до 11.2.4 (исключая)

cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 25%

0.00082

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

CVE-2018-17451

CVSS3: 8.8

ubuntu

около 2 лет назад

CVE-2018-17451

CVSS3: 8.8

debian

около 2 лет назад

An issue was discovered in GitLab Community and Enterprise Edition bef ...

GHSA-p66q-2x4m-xxx9

CVSS3: 8.8

github

около 2 лет назад

EPSS

Процентиль: 25%

0.00082

Низкий

8.8 High

CVSS3

Дефекты

CWE-352