Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-4008

Опубликовано: 03 авг. 2023
Источник: redhat
EPSS Низкий

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

Отчет

The GitLab package used in OpenShift is a GitLab API NodeJS library which is not affected by CVE-2023-4008.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 4openshift4/ose-consoleNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2228987gitlab: Pages Takeover with random String

EPSS

Процентиль: 16%
0.00052
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-4008

CVSS3: 5.3
ubuntu
около 2 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

nvd логотип

CVE-2023-4008

CVSS3: 5.3
nvd
около 2 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

debian логотип

CVE-2023-4008

CVSS3: 5.3
debian
около 2 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions st ...

github логотип

GHSA-29hm-v8p9-7mcg

CVSS3: 5.3
github
около 2 лет назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.

EPSS

Процентиль: 16%
0.00052
Низкий