Описание
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
Ссылки
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 12.4.0 (включая) до 14.7.1 (исключая)Версия от 12.4.0 (включая) до 14.7.1 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 50%
0.00274
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 4.3
ubuntu
почти 4 года назад
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
CVSS3: 4.3
debian
почти 4 года назад
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 ...
CVSS3: 4.3
github
почти 4 года назад
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address
EPSS
Процентиль: 50%
0.00274
Низкий
4.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
NVD-CWE-Other