Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-1347

Опубликовано: 25 апр. 2024
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

A flaw was found in GitLab CE/EE. Under certain conditions, an attacker, through a crafted email address, can bypass domain-based restrictions on an instance or a group. This issue affects all versions through 16.9.6, 16.10 through 16.10.4, and 16.11 through 16.11.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 4openshift4/ose-consoleWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=2277132gitlab: bypass domain based restrictions on an instance or a group by a crafted email

EPSS

Процентиль: 1%
0.00011
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-1347

CVSS3: 4.3
ubuntu
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

nvd логотип

CVE-2024-1347

CVSS3: 4.3
nvd
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

debian логотип

CVE-2024-1347

CVSS3: 4.3
debian
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions be ...

github логотип

GHSA-2x3p-pww2-fg9r

CVSS3: 4.3
github
почти 2 года назад

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group.

fstec логотип

BDU:2024-05690

CVSS3: 4.3
fstec
почти 2 года назад

Уязвимость компонента Email Address Handler программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям

EPSS

Процентиль: 1%
0.00011
Низкий

4.3 Medium

CVSS3