Описание
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites
Ссылки
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Broken Link
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
5.3 Medium
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites
Improper authorization in GitLab Pages included with GitLab CE/EE affe ...
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites
EPSS
5.3 Medium
CVSS3
6.5 Medium
CVSS3
4.3 Medium
CVSS2