Описание
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
Ссылки
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.9.6 (включая) до 14.2.6 (исключая)Версия от 8.9.6 (включая) до 14.2.6 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 53%
0.003
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
ubuntu
больше 4 лет назад
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
CVSS3: 4.3
debian
больше 4 лет назад
An information disclosure vulnerability in the GitLab CE/EE API since ...
github
больше 3 лет назад
An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with
EPSS
Процентиль: 53%
0.003
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
NVD-CWE-noinfo