CVE-2024-12570

Опубликовано: 12 дек. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 6.7

Описание

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab session token belonging to the victim.

Релиз	Статус	Примечание
devel	DNE
esm-apps/xenial	ignored
esm-infra/focal	DNE
focal	DNE
jammy	DNE
noble	DNE
oracular	DNE
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 3%

0.00019

Низкий

6.7 Medium

CVSS3

Связанные уязвимости

CVE-2024-12570

CVSS3: 6.7

nvd

6 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.

CVE-2024-12570

CVSS3: 6.7

debian

6 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions st ...

GHSA-7p75-9h8v-vxq4

CVSS3: 6.7

github

6 месяцев назад

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim.

BDU:2025-00479

CVSS3: 6.7

fstec

6 месяцев назад

Уязвимость компонента Session Token Handler программной платформы на базе git для совместной работы над кодом GitLab, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 3%

0.00019

Низкий

6.7 Medium

CVSS3

CVE-2024-12570

Описание

Пакет gitlab

Ссылки на источники

Связанные уязвимости