Description
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances.
References
- Vendor Advisory
- Broken Link
- Permissions Required, Third Party Advisory
- Vendor Advisory
- Broken Link
- Permissions Required, Third Party Advisory
Vulnerable configurations
Configuration 1
Version from 11.3.0 (inclusive) to 14.2.6 (exclusive)
Version from 14.3.0 (inclusive) to 14.3.4 (exclusive)
One of
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:enterprise:*:*:*
Configuration 2
Version from 11.2.0 (inclusive) to 14.3.4 (exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Configuration 3
Version from 11.3.0 (inclusive) to 14.4.1 (exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Percentile: 10%
0.00037
Low
5.3 Medium
CVSS3
3.5 Low
CVSS2
Weaknesses
CWE-347
Related vulnerabilities
CVSS3: 5.3
debian
more than 3 years ago
Lack of email address ownership verification in the CODEOWNERS feature ...
CVSS3: 5.3
github
about 3 years ago
Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE since version 11.3 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstances