Описание
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
Ссылки
- Broken Link
- Permissions Required
- Broken Link
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 14.7.0 (включая) до 16.3.6 (исключая)Версия от 16.4.0 (включая) до 16.4.2 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:16.5.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 0%
0.00006
Низкий
3.5 Low
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-862
NVD-CWE-Other
Связанные уязвимости
CVSS3: 3.5
debian
около 2 лет назад
An authorization issue affecting GitLab EE affecting all versions from ...
CVSS3: 3.5
github
около 2 лет назад
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.
EPSS
Процентиль: 0%
0.00006
Низкий
3.5 Low
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-862
NVD-CWE-Other