Опубликовано: 14 сент. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.4
CVSS3: 8
Описание
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | ignored | not maintainable |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
10
EPSS
Процентиль: 46%
0.00232
Низкий
6.4 Medium
CVSS2
8 High
CVSS3
Связанные уязвимости
CVSS3: 8
nvd
больше 5 лет назад
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
CVSS3: 8
debian
больше 5 лет назад
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth a ...
CVSS3: 10
github
больше 3 лет назад
GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow.
EPSS
Процентиль: 46%
0.00232
Низкий
6.4 Medium
CVSS2
8 High
CVSS3