Описание
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.
Ссылки
- Broken Link
- Permissions Required
- Vendor Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 12.8.0 (включая) до 15.11.11 (исключая)Версия от 16.0.0 (включая) до 16.0.7 (исключая)Версия от 16.1.0 (включая) до 16.1.2 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 29%
0.00107
Низкий
8 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-863
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8
debian
больше 2 лет назад
An issue has been discovered in GitLab EE affecting all versions start ...
CVSS3: 8
github
больше 2 лет назад
An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.
EPSS
Процентиль: 29%
0.00107
Низкий
8 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-863
NVD-CWE-noinfo