Описание
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| noble | DNE | |
| oracular | DNE | |
| upstream | not-affected | EE only |
Показывать по
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
An issue was discovered in GitLab EE affecting all versions starting f ...
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab Enterprise Edition, связанная с неверной нейтрализацией особых элементов в выходных данных, позволяющая нарушителю обойти существующие ограничения безопасности и получить несанкционированный доступ к защищаемой информации
EPSS
6.4 Medium
CVSS3