Описание
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
Ссылки
- Third Party Advisory
- Broken LinkThird Party Advisory
- Third Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
6.5 Medium
CVSS3
7.4 High
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
An issue has been discovered in GitLab affecting all versions starting ...
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.
Уязвимость функции ограничения IP-адресов программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
6.5 Medium
CVSS3
7.4 High
CVSS3