Описание
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
Ссылки
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
3.5 Low
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
In all versions of GitLab CE/EE since version 7.7, the application may ...
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
EPSS
3.5 Low
CVSS3
3.5 Low
CVSS2