Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDCDB5338D-04EC-11EE-9C88-001B217B3468
HistoryJun 05, 2023 - 12:00 a.m.

Gitlab -- Vulnerability

2023-06-0500:00:00
vuxml.freebsd.org
19
stored-xss
redos
dos
ip restrictions
privilege escalation
tag protection bypass
email verification
open redirection
unauthorized disclosure
ambiguous branch exploit

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0.003

Percentile

68.9%

JSON

Gitlab reports:

Stored-XSS with CSP-bypass in Merge requests
ReDoS via FrontMatterFilter in any Markdown fields
ReDoS via InlineDiffFilter in any Markdown fields
ReDoS via DollarMathPostFilter in Markdown fields
DoS via malicious test report artifacts
Restricted IP addresses can clone repositories of public projects
Reflected XSS in Report Abuse Functionality
Privilege escalation from maintainer to owner by importing members from a project
Bypassing tags protection in GitLab
Denial of Service using multiple labels with arbitrarily large descriptions
Ability to use an unverified email for public and commit emails
Open Redirection Through HTTP Response Splitting
Disclosure of issue notes to an unauthorized user when exporting a project
Ambiguous branch name exploitation

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 16.0.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 16.0.2UNKNOWN

Related

nessus 15
debiancve 14
veracode 12
nvd 14
osv 28
cve 14
ubuntucve 14
cvelist 14
prion 14
nessus
nessus
FreeBSD : Gitlab -- Vulnerability (cdb5338d-04ec-11ee-9c88-001b217b3468)
2023-06-07 00:00:00
GitLab 14.1 < 15.10.8 / 15.11 < 15.11.7 / 16.0 < 16.0.2 (CVE-2023-2485)
2023-06-05 00:00:00
GitLab 8.7 < 15.10.8 / 15.11 < 15.11.7 / 16.0 < 16.0.2 (CVE-2023-2198)
2023-06-05 00:00:00
debiancve
debiancve
CVE-2023-2199
2023-06-07 17:15:10
CVE-2023-1825
2023-06-07 17:15:09
CVE-2023-2485
2023-06-07 17:15:10
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-08-06 10:17:49
Regular Expression Denial Of Service (ReDoS)
2023-08-06 10:17:50
Cross-site Scripting (XSS)
2023-08-07 02:10:48
nvd
nvd
CVE-2023-1825
2023-06-07 17:15:09
CVE-2023-2485
2023-06-07 17:15:10
CVE-2023-2589
2023-06-07 17:15:10
osv
osv
BIT-gitlab-2023-0508
2024-03-06 11:12:13
BIT-gitlab-2023-2132
2024-03-06 11:09:32
BIT-gitlab-2023-2198
2024-03-06 11:08:56
cve
cve
CVE-2023-2198
2023-06-07 17:15:10
CVE-2023-0508
2023-06-07 17:15:09
CVE-2023-2589
2023-06-07 17:15:10
ubuntucve
ubuntucve
CVE-2023-2589
2023-06-07 00:00:00
CVE-2023-2132
2023-06-06 00:00:00
CVE-2023-2485
2023-06-07 00:00:00
cvelist
cvelist
CVE-2023-2589
2023-06-07 00:00:00
CVE-2023-1825
2023-06-07 00:00:00
CVE-2023-2485
2023-06-07 00:00:00
prion
prion
Code injection
2023-06-06 17:15:00
Design/Logic Flaw
2023-06-07 17:15:00
Design/Logic Flaw
2023-06-07 17:15:00

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0.003

Percentile

68.9%

JSON
Related for CDB5338D-04EC-11EE-9C88-001B217B3468
nessus15debiancve14veracode12nvd14osv28cve14ubuntucve14cvelist14prion14