CVE-2023-4912

Опубликовано: 01 дек. 2023

Источник: nvd

CVSS3: 2.6

CVSS3: 6.5

EPSS Низкий

Описание

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted mermaid diagram input.

Ссылки

https://gitlab.com/gitlab-org/gitlab/-/issues/424882
Broken Link
Vendor Advisory
https://hackerone.com/reports/2137421
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/424882
Broken Link
Vendor Advisory
https://hackerone.com/reports/2137421
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 10.5.0 (включая) до 16.4.3 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 16.5.0 (включая) до 16.5.3 (исключая)

cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

2.6 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-770

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-4912

CVSS3: 2.6

ubuntu

около 2 лет назад

CVE-2023-4912

CVSS3: 2.6

debian

около 2 лет назад

An issue has been discovered in GitLab EE affecting all versions start ...

GHSA-cqvh-4wv3-g3cj

CVSS3: 4.3

github

около 2 лет назад

EPSS

Процентиль: 19%

0.0006

Низкий

2.6 Low

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-770

NVD-CWE-noinfo