Описание
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.
Ссылки
- Release NotesVendor Advisory
- Broken Link
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
8.5 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab CE/EE, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю осуществить SSRF-атаку
EPSS
8.5 High
CVSS3
8.8 High
CVSS3