Описание
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
Ссылки
- ExploitIssue Tracking
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
8.1 High
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
Уязвимость интерфейса GraphQL API программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю осуществить CSRF-атаку
EPSS
8.1 High
CVSS3