Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-5315

Опубликовано: 26 июн. 2025
Источник: nvd
CVSS3: 4.3
EPSS Низкий

Описание

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

EPSS

Процентиль: 1%
0.0001
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

CVSS3: 4.3
ubuntu
около 1 месяца назад

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

CVSS3: 4.3
debian
около 1 месяца назад

An issue has been discovered in GitLab CE/EE affecting all versions fr ...

CVSS3: 4.3
github
около 1 месяца назад

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

CVSS3: 4.3
fstec
около 1 месяца назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности и получить доступ на чтение и изменение данных

EPSS

Процентиль: 1%
0.0001
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862