Описание
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.
Ссылки
- Release NotesVendor Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности
EPSS
4.3 Medium
CVSS3