Описание
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
Ссылки
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 13.1.0 (включая) до 13.1.10 (исключая)Версия от 13.1.0 (включая) до 13.1.10 (исключая)Версия от 13.2.0 (включая) до 13.2.8 (исключая)Версия от 13.2.0 (включая) до 13.2.8 (исключая)Версия от 13.3.0 (включая) до 13.3.4 (исключая)Версия от 13.3.0 (включая) до 13.3.4 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 37%
0.00155
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 5 лет назад
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
CVSS3: 4.3
debian
почти 5 лет назад
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...
github
около 3 лет назад
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control.
EPSS
Процентиль: 37%
0.00155
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863