9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.028 Low
EPSS
Percentile
90.8%
Gitlab reports:
Remote Command Execution via GitHub import
Stored XSS via labels color
Content injection via Incidents Timeline description
Lack of length validation in Snippets leads to Denial of Service
Group IP allow-list not fully respected by the Package Registry
Abusing Gitaly.GetTreeEntries calls leads to denial of service
Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags
Regular Expression Denial of Service via special crafted input
Information Disclosure via Arbitrary GFM references rendered in Incident Timeline Events
Regex backtracking through the Commit message field
Read repository content via LivePreview feature
Denial of Service via the Create branch API
Denial of Service via Issue preview
IDOR in Zentao integration leaked issue details
Brute force attack may guess a password even when 2FA is enabled
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
0.028 Low
EPSS
Percentile
90.8%