Описание
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the url_blocker.rb which could result in SSRF where the library is utilized.
Ссылки
- PatchRelease NotesVendor Advisory
- ExploitVendor Advisory
- Permissions Required
- PatchRelease NotesVendor Advisory
- ExploitVendor Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 10.2.0 (включая) до 11.11.7 (исключая)Версия от 10.2.0 (включая) до 11.11.7 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 62%
0.0043
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
CWE-918
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 6 лет назад
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVSS3: 9.8
debian
около 6 лет назад
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...
github
больше 3 лет назад
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
EPSS
Процентиль: 62%
0.0043
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
CWE-918