Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-5315

Опубликовано: 26 июн. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 4.3

Описание

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

РелизСтатусПримечание
devel

DNE

esm-apps/xenial

ignored

jammy

DNE

noble

DNE

oracular

DNE

plucky

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 1%
0.00012
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 4.3
nvd
около 1 месяца назад

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

CVSS3: 4.3
debian
около 1 месяца назад

An issue has been discovered in GitLab CE/EE affecting all versions fr ...

CVSS3: 4.3
github
около 1 месяца назад

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions.

CVSS3: 4.3
fstec
около 1 месяца назад

Уязвимость программной платформы на базе git для совместной работы над кодом GitLab, связанная с недостатками процедуры авторизации, позволяющая нарушителю обойти ограничения безопасности и получить доступ на чтение и изменение данных

EPSS

Процентиль: 1%
0.00012
Низкий

4.3 Medium

CVSS3