Описание
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
Ссылки
- Mailing ListPatch
- Mailing ListPatch
- Mailing List
- Mailing List
- MitigationPatchThird Party Advisory
- Issue Tracking
- Issue Tracking
- Mailing ListPatch
- Mailing ListPatch
- Mailing ListPatch
- Mailing List
- Mailing List
- MitigationPatchThird Party Advisory
- Issue Tracking
- Issue Tracking
- Mailing ListPatch
Уязвимые конфигурации
Конфигурация 1Версия до 0.26 (включая)
cpe:2.3:a:gitlab\:\:api\:\:v4_project:gitlab\:\:api\:\:v4:*:*:*:*:*:*:*:*
EPSS
Процентиль: 37%
0.00157
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-295
CWE-295
Связанные уязвимости
CVSS3: 5.9
ubuntu
почти 3 года назад
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
CVSS3: 5.9
debian
почти 3 года назад
GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...
CVSS3: 5.9
github
почти 3 года назад
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
EPSS
Процентиль: 37%
0.00157
Низкий
5.9 Medium
CVSS3
Дефекты
CWE-295
CWE-295