CVE-2022-0136

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0136.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/28561
Broken Link
https://hackerone.com/reports/560658
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0136.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/28561
Broken Link
https://hackerone.com/reports/560658
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 10.5.0 (включая) до 14.5.4 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 14.6 (включая) до 14.6.4 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 14.7.0 (включая) до 14.7.1 (включая)

EPSS

Процентиль: 42%

0.00198

Низкий

5.4 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2022-0136

CVSS3: 5.4

ubuntu

почти 4 года назад

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.

CVE-2022-0136

CVSS3: 5.4

debian

почти 4 года назад

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...

GHSA-6c5h-gg2j-qp46

CVSS3: 8.1

github

почти 4 года назад

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.

EPSS

Процентиль: 42%

0.00198

Низкий

5.4 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-918