CVE-2023-0805

Опубликовано: 03 мая 2023

Источник: nvd

CVSS3: 4.9

CVSS3: 8.1

EPSS Низкий

Описание

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/391433
Broken Link
https://hackerone.com/reports/1850046
Permissions Required
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0805.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/391433
Broken Link
https://hackerone.com/reports/1850046
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 15.2 (включая) до 15.9.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 15.10 (включая) до 15.10.5 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 15.11 (включая) до 15.11.1 (исключая)

EPSS

Процентиль: 21%

0.00069

Низкий

4.9 Medium

CVSS3

8.1 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-862

Связанные уязвимости

CVE-2023-0805

CVSS3: 4.9

debian

почти 3 года назад

An issue has been discovered in GitLab EE affecting all versions start ...

GHSA-99jh-9v4f-3xmf

CVSS3: 4.9

github

почти 3 года назад

EPSS

Процентиль: 21%

0.00069

Низкий

4.9 Medium

CVSS3

8.1 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-862