Description
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
References
- Vendor Advisory
- Exploit, Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Exploit, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* (versions from 12.0 inclusive up to 14.1.7 exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (versions from 12.0 inclusive up to 14.1.7 exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* (versions from 14.2 inclusive up to 14.2.5 exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* (versions from 14.2 inclusive up to 14.2.5 exclusive)
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:14.3.0:*:*:*:enterprise:*:*:*
EPSS: 0.00401 (Low), percentile: 60%
CVSS3: 4.3 Medium
CVSS2: 4 Medium
Weaknesses
NVD-CWE-Other
Related vulnerabilities
CVSS3: 4.3
ubuntu
more than 3 years ago
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.
CVSS3: 4.3
debian
more than 3 years ago
In all versions of GitLab CE/EE since version 12.0, a lower privileged ...
CVSS3: 4.3
github
more than 3 years ago
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and disclose email addresses of those users.