Описание
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
Ссылки
- Third Party Advisory
- Broken Link
- Permissions Required
- Third Party Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
7.1 High
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
A cross-site request forgery vulnerability in the GraphQL API in GitLa ...
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
Уязвимость компонент API GraphQL программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
7.1 High
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2