Описание
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
Ссылки
- Vendor Advisory
- ExploitVendor Advisory
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 13.2.0 (включая) до 13.6.7 (исключая)Версия от 13.2.0 (включая) до 13.6.7 (исключая)Версия от 13.7.0 (включая) до 13.7.7 (исключая)Версия от 13.7.0 (включая) до 13.7.7 (исключая)Версия от 13.8.0 (включая) до 13.8.4 (исключая)Версия от 13.8.0 (включая) до 13.8.4 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 51%
0.00275
Низкий
5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 5
ubuntu
почти 5 лет назад
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
CVSS3: 5
debian
почти 5 лет назад
An issue has been discovered in GitLab affecting all versions starting ...
github
больше 3 лет назад
An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SRRF attack through the Prometheus integration.
EPSS
Процентиль: 51%
0.00275
Низкий
5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918