Description
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.
References
- Release Notes, Vendor Advisory
- Broken Link
- Permissions Required
Vulnerable configurations
Configuration 1
Version from 15.4.0 (inclusive) to 18.8.7 (exclusive)
Version from 18.9.0 (inclusive) to 18.9.3 (exclusive)
One of
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:18.10.0:*:*:*:enterprise:*:*:*
EPSS
Percentile: 19%
0.00063
Low
7.7 High
CVSS3
5.4 Medium
CVSS3
Weaknesses
CWE-80
CWE-79
Related vulnerabilities
CVSS3: 7.7
debian
6 days ago
GitLab has remediated an issue in GitLab EE affecting all versions fro ...
CVSS3: 7.7
github
6 days ago
GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content.