Описание
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 11.11.0 (включая) до 11.11.7 (исключая)Версия от 11.11.0 (включая) до 11.11.7 (исключая)Версия от 12.0.0 (включая) до 12.0.4 (исключая)Версия от 12.0.0 (включая) до 12.0.4 (исключая)Версия от 12.1.0 (включая) до 12.1.2 (исключая)Версия от 12.1.0 (включая) до 12.1.2 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 39%
0.00169
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-200
Связанные уязвимости
CVSS3: 5.3
ubuntu
почти 6 лет назад
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
CVSS3: 5.3
debian
почти 6 лет назад
An authorization issue was discovered in the GitLab CE/EE CI badge ima ...
CVSS3: 5.3
github
около 3 лет назад
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
EPSS
Процентиль: 39%
0.00169
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-200