Описание
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.
Ссылки
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
6.4 Medium
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.
An issue has been discovered in GitLab CE/EE affecting all versions st ...
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 in which cross-site request forgery may have been possible on GitLab instances configured to use JWT as an OmniAuth provider.
Уязвимость конфигурации JWT OmniAuth provider программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
EPSS
6.4 Medium
CVSS3
8.8 High
CVSS3