Описание
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
Ссылки
- Broken Link
- Permissions Required
- Broken Link
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 16.2 (включая) до 16.2.5 (исключая)Версия от 16.2 (включая) до 16.2.5 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 13%
0.00042
Низкий
5.5 Medium
CVSS3
3.8 Low
CVSS3
Дефекты
CWE-312
CWE-312
Связанные уязвимости
CVSS3: 5.5
debian
больше 2 лет назад
An information disclosure issue in GitLab EE affecting all versions fr ...
CVSS3: 5.5
github
больше 2 лет назад
An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.
EPSS
Процентиль: 13%
0.00042
Низкий
5.5 Medium
CVSS3
3.8 Low
CVSS3
Дефекты
CWE-312
CWE-312