Описание
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
Ссылки
- Vendor Advisory
- Broken LinkVendor Advisory
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Broken LinkVendor Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 14.5 (включая) до 14.5.3 (включая)Версия от 14.5 (включая) до 14.5.3 (включая)Версия от 14.6 (включая) до 14.6.2 (включая)Версия от 14.6 (включая) до 14.6.2 (включая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 52%
0.00286
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-552
Связанные уязвимости
CVSS3: 8.6
ubuntu
около 4 лет назад
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
CVSS3: 8.6
debian
около 4 лет назад
An issue has been discovered in GitLab CE/EE affecting all versions st ...
github
около 4 лет назад
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.
EPSS
Процентиль: 52%
0.00286
Низкий
8.6 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-552