Описание
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Ссылки
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
8.5 High
CVSS3
9.9 Critical
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition (EE), связанная с недостатками процедуры авторизации, позволяющая нарушителю получить доступ на чтение и изменение данных
EPSS
8.5 High
CVSS3
9.9 Critical
CVSS3