Описание
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.
Ссылки
- Release NotesVendor Advisory
- ExploitIssue Tracking
- Permissions Required
Уязвимые конфигурации
Одно из
EPSS
5 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.
GitLab has remediated an issue in GitLab CE/EE affecting all versions ...
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed authenticated users without project membership to view sensitive manual CI/CD variables by querying the GraphQL API.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с отсутствием процедуры авторизации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5 Medium
CVSS3
6.5 Medium
CVSS3