Описание
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with admin_push_rules permission may have been able to create project-level deploy tokens.
Ссылки
- Broken Link
- Permissions Required
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
3.8 Low
CVSS3
2.7 Low
CVSS3
Дефекты
Связанные уязвимости
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.
An issue was discovered in GitLab CE/EE affecting all versions startin ...
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with `admin_push_rules` permission may have been able to create project-level deploy tokens.
Уязвимость функции admin_push_rules компонента Project-level Deploy Token Handler программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю создавать токен развертывания на уровне проекта
EPSS
3.8 Low
CVSS3
2.7 Low
CVSS3