FreeBSD VuXML ID: 6B2CBA6A-C6A5-11EE-97D0-001B217B3468
Feb 07, 2024 - 12:00 a.m.

Gitlab -- vulnerabilities

2024-02-07 00:00:00
vuxml.freebsd.org
gitlab
group access
token creation
custom roles
scan result policy
ci/cd pipeline
pipeline syntax
resource exhaustion
graphql

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.0%

Gitlab reports:

Restrict group access token creation for custom roles
Project maintainers can bypass group’s scan result policy block_branch_modification setting
ReDoS in CI/CD Pipeline Editor while verifying Pipeline syntax
Resource exhaustion using GraphQL vulnerabilitiesCountByDay

OS       Version  Architecture  Package    Version   Filename
FreeBSD  any      noarch        gitlab-ce  = 16.8.0  UNKNOWN
FreeBSD  any      noarch        gitlab-ce  < 16.8.2  UNKNOWN