Description
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
Vulnerable configurations
Configuration 1
Version from 13.3.0 (inclusive) to 17.1.7 (exclusive)
Version from 17.2.0 (inclusive) to 17.2.5 (exclusive)
Version from 17.3.0 (inclusive) to 17.3.2 (exclusive)
One of
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Percentile: 11%
0.00039
Low
5.3 Medium
CVSS3
9.1 Critical
CVSS3
Weaknesses
CWE-863
CWE-863
Related vulnerabilities
CVSS3: 5.3
debian
11 months ago
An issue was discovered in GitLab-EE starting with version 13.3 before ...
CVSS3: 5.3
github
11 months ago
An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.