Описание
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users.
Ссылки
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия от 17.8.0 (включая) до 17.8.6 (исключая)Версия от 17.8.0 (включая) до 17.8.6 (исключая)Версия от 17.9.0 (включая) до 17.9.3 (исключая)Версия от 17.9.0 (включая) до 17.9.3 (исключая)
Одно из
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:17.10.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:17.10.0:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 6%
0.00025
Низкий
4.4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-94
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.4
github
11 месяцев назад
An issue has been discovered in the GitLab Duo with Amazon Q affecting all versions from 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A specifically crafted issue could manipulate AI-assisted development features to potentially expose sensitive project data to unauthorized users.
EPSS
Процентиль: 6%
0.00025
Низкий
4.4 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-94
NVD-CWE-noinfo