CVE-2022-0249

Опубликовано: 28 мар. 2022

Источник: nvd

CVSS3: 3.1

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0249.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/29395
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/579934
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0249.json
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/29395
Exploit
Issue Tracking
Vendor Advisory
https://hackerone.com/reports/579934
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 12.0 (включая) до 14.5.4 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 14.6 (включая) до 14.6.4 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*

Версия от 14.7 (включая) до 14.7.1 (включая)

EPSS

Процентиль: 46%

0.00233

Низкий

3.1 Low

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

CVE-2022-0249

CVSS3: 3.1

ubuntu

около 3 лет назад

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.

CVE-2022-0249

CVSS3: 3.1

debian

около 3 лет назад

A vulnerability was discovered in GitLab starting with version 12. Git ...

GHSA-q7f8-fr48-qw7g

CVSS3: 9.1

github

около 3 лет назад

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.

EPSS

Процентиль: 46%

0.00233

Низкий

3.1 Low

CVSS3

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-918