Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD3117E6CD-1772-11EE-9CD6-001B217B3468
HistoryJun 29, 2023 - 12:00 a.m.

Gitlab -- Vulnerabilities

2023-06-2900:00:00
vuxml.freebsd.org
19
redos
markdown
private projects
visibility
webhook secrets
information disclosure
code owners
branch protection
html injection
webhook token
sidekiq logs
email address disclosure
issues api

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.6%

JSON

Gitlab reports:

ReDoS via EpicReferenceFilter in any Markdown fields
New commits to private projects visible in forks created while project was public
New commits to private projects visible in forks created while project was public
Maintainer can leak masked webhook secrets by manipulating URL masking
Information disclosure of project import errors
Sensitive information disclosure via value stream analytics controller
Bypassing Code Owners branch protection rule in GitLab
HTML injection in email address
Webhook token leaked in Sidekiq logs if log format is ‘default’
Private email address of service desk issue creator disclosed via issues API

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 16.1.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 16.1.1UNKNOWN

Related

nessus 11
osv 20
ubuntucve 9
nvd 10
cve 10
cvelist 10
debiancve 10
veracode 9
prion 10
nessus
nessus
FreeBSD : Gitlab -- Vulnerabilities (3117e6cd-1772-11ee-9cd6-001b217b3468)
2023-06-30 00:00:00
GitLab 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-3362)
2023-06-29 00:00:00
GitLab 13.7 < 15.11.10 / 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-2576)
2023-06-29 00:00:00
osv
osv
BIT-gitlab-2023-2576
2024-03-06 11:07:34
CVE-2023-2576
2023-07-13 03:15:09
BIT-gitlab-2023-3363
2024-03-06 11:05:58
ubuntucve
ubuntucve
CVE-2023-2576
2023-07-13 00:00:00
CVE-2023-3444
2023-07-13 00:00:00
CVE-2023-2190
2023-07-13 00:00:00
nvd
nvd
CVE-2023-2576
2023-07-13 03:15:09
CVE-2023-3362
2023-07-13 03:15:10
CVE-2023-2190
2023-07-13 02:15:09
cve
cve
CVE-2023-2576
2023-07-13 03:15:09
CVE-2023-3362
2023-07-13 03:15:10
CVE-2023-1936
2023-07-11 08:15:10
cvelist
cvelist
CVE-2023-2576 Improper Access Control in GitLab
2023-07-13 02:08:59
CVE-2023-3444 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
2023-07-13 02:08:20
CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab
2023-07-13 02:00:02
debiancve
debiancve
CVE-2023-2576
2023-07-13 03:15:09
CVE-2023-1936
2023-07-11 08:15:10
CVE-2023-3362
2023-07-13 03:15:10
veracode
veracode
Information Disclosure
2023-07-18 15:37:42
Improper Authentication
2023-07-18 15:33:39
Improper Access Control
2023-08-07 02:26:47
prion
prion
Design/Logic Flaw
2023-07-13 03:15:00
Information disclosure
2023-07-13 03:15:00
Design/Logic Flaw
2023-07-13 02:15:00

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.6%

JSON
Related for 3117E6CD-1772-11EE-9CD6-001B217B3468
nessus11osv20ubuntucve9nvd10cve10cvelist10debiancve10veracode9prion10