Описание
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | ignored | |
| jammy | DNE | |
| noble | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
5 Medium
CVSS3
Связанные уязвимости
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.
An issue has been discovered in GitLab CE/EE affecting all versions fr ...
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances.
Уязвимость программной платформы на базе git для совместной работы над кодом GitLab EE/CE, связанная с неправильным присвоением разрешений для критичного ресурса, позволяющая нарушителю получить доступ на чтение и изменение данных
5 Medium
CVSS3