CVE-2023-5995

Опубликовано: 01 дек. 2023

Источник: nvd

CVSS3: 4.4

CVSS3: 7.5

EPSS Низкий

Описание

An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.

Ссылки

https://gitlab.com/gitlab-org/gitlab/-/issues/425361
Broken Link
Vendor Advisory
https://hackerone.com/reports/2138880
Permissions Required
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/425361
Broken Link
Vendor Advisory
https://hackerone.com/reports/2138880
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 16.2.0 (включая) до 16.4.3 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 16.5.0 (включая) до 16.5.3 (исключая)

cpe:2.3:a:gitlab:gitlab:16.6.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 12%

0.00039

Низкий

4.4 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-5995

CVSS3: 4.4

ubuntu

около 2 лет назад

CVE-2023-5995

CVSS3: 4.4

debian

около 2 лет назад

An issue has been discovered in GitLab EE affecting all versions start ...

GHSA-jgpj-vfxg-97h5

CVSS3: 4.4

github

около 2 лет назад

EPSS

Процентиль: 12%

0.00039

Низкий

4.4 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-863

NVD-CWE-noinfo