CVE-2023-3949

Опубликовано: 01 дек. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects' release descriptions via an atom endpoint when release access on the public was set to only project members.

Ссылки

https://gitlab.com/gitlab-org/gitlab/-/issues/419664
Broken Link
Vendor Advisory
https://hackerone.com/reports/2079374
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/419664
Broken Link
Vendor Advisory
https://hackerone.com/reports/2079374
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.3.0 (включая) до 16.4.3 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.3.0 (включая) до 16.4.3 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 16.5.0 (включая) до 16.5.3 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 16.5.0 (включая) до 16.5.3 (исключая)

cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 29%

0.00108

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-201

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-3949

CVSS3: 5.3

ubuntu

около 2 лет назад

CVE-2023-3949

CVSS3: 5.3

debian

около 2 лет назад

An issue has been discovered in GitLab affecting all versions starting ...

GHSA-c3hq-3p4c-ch2w

CVSS3: 5.3

github

около 2 лет назад

EPSS

Процентиль: 29%

0.00108

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-201

NVD-CWE-noinfo