Описание
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
Ссылки
- Broken Link
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 16.5.0 (включая) до 17.2.8 (исключая)Версия от 17.3.0 (включая) до 17.3.4 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 8%
0.00032
Низкий
5.5 Medium
CVSS3
2.7 Low
CVSS3
Дефекты
CWE-821
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.5
debian
9 месяцев назад
An information disclosure issue has been discovered in GitLab EE affec ...
CVSS3: 5.5
github
9 месяцев назад
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
EPSS
Процентиль: 8%
0.00032
Низкий
5.5 Medium
CVSS3
2.7 Low
CVSS3
Дефекты
CWE-821
NVD-CWE-Other