Описание
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.
Ссылки
- Release NotesVendor Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия от 10.7.0 (включая) до 18.1.6 (исключая)Версия от 10.7.0 (включая) до 18.1.6 (исключая)Версия от 18.2.0 (включая) до 18.2.6 (исключая)Версия от 18.2.0 (включая) до 18.2.6 (исключая)Версия от 18.3.0 (включая) до 18.3.2 (исключая)Версия от 18.3.0 (включая) до 18.3.2 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 11%
0.00037
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-1284
Связанные уязвимости
CVSS3: 6.5
debian
7 месяцев назад
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
CVSS3: 6.5
github
7 месяцев назад
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names.
EPSS
Процентиль: 11%
0.00037
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-1284