Описание
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.
Ссылки
- Release NotesVendor Advisory
- Broken LinkIssue Tracking
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
8 High
CVSS3
9.1 Critical
CVSS3
Дефекты
Связанные уязвимости
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатком в механизме подтверждения источника, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
8 High
CVSS3
9.1 Critical
CVSS3