Описание
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.
Ссылки
- Vendor Advisory
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- ExploitIssue TrackingVendor Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 15.4.6 (исключая)Версия от 15.5.0 (включая) до 15.5.5 (исключая)Версия от 15.6 (включая) до 15.6.1 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 53%
0.00299
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 4.3
ubuntu
около 3 лет назад
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.
CVSS3: 4.3
debian
около 3 лет назад
A blind SSRF vulnerability was identified in all versions of GitLab EE ...
CVSS3: 4.3
github
около 3 лет назад
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.
EPSS
Процентиль: 53%
0.00299
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-918
CWE-918