Описание
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.
Ссылки
- Vendor Advisory
- Broken Link
- Vendor Advisory
- Broken Link
Уязвимые конфигурации
Одно из
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.
Incorrect authorization in GitLab EE affecting all versions from 10.7 ...
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.
EPSS
6.5 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2