Описание
An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 12.1.12 (исключая)Версия до 12.1.12 (исключая)Версия от 12.2.0 (включая) до 12.2.6 (исключая)Версия от 12.2.0 (включая) до 12.2.6 (исключая)Версия от 12.3.0 (включая) до 12.3.2 (исключая)Версия от 12.3.0 (включая) до 12.3.2 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 29%
0.00105
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other
Связанные уязвимости
CVSS3: 8.8
ubuntu
больше 5 лет назад
An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.
CVSS3: 8.8
debian
больше 5 лет назад
An improper access control vulnerability exists in Gitlab <v12.3.2, <v ...
CVSS3: 8.8
github
около 3 лет назад
An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.
EPSS
Процентиль: 29%
0.00105
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-284
NVD-CWE-Other