CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

EPSS: 0.004 Low
Percentile: 72.1%

GitLab reports:
Remote Command Execution via GitLab Pages
Covert Redirect to Steal GitHub/Bitbucket Tokens
Remote Mirror Branches Leaked by Git Transfer Refs
Denial of Service with Markdown
Guests Can View List of Group Merge Requests
Guest Can View Merge Request Titles via System Notes
Persistent XSS via KaTeX
Emails Sent to Unauthorized Users
Hyperlink Injection in Notification Emails
Unauthorized Access to LFS Objects
Trigger Token Exposure
Upgrade Rails to 5.0.7.1 and 4.2.11
Contributed Project Information Visible in Private Profile
Imported Project Retains Prior Visibility Setting
Error disclosure on Project Import
Persistent XSS in User Status
Last Commit Status Leaked to Guest Users
Mitigations for IDN Homograph and RTLO Attacks
Access to Internal Wiki When External Wiki Enabled
User Can Comment on Locked Project Issues
Unauthorized Reaction Emojis by Guest Users
User Retains Project Role After Removal from Private Group
GitHub Token Leaked to Maintainers
Unauthenticated Blind SSRF in Jira Integration
Unauthorized Access to Group Membership
Validate SAML Response in Group SAML SSO