5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.081 Low
EPSS
Percentile
94.4%
Gitlab reports:
Path Traversal in NuGet Package Registry
Workhorse Bypass Leads to File Disclosure
OAuth Application Client Secrets Revealed
Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes
Code Owners Protection Not Enforced from Web UI
Repository Mirror Passwords Exposed To Maintainers
Admin Audit Log Page Denial of Service
Private Project ID Revealed Through Group API
Elasticsearch Credentials Logged to ELK
GitHub Personal Access Token Exposed on Integrations Page
Update Nokogiri dependency
Update OpenSSL Dependency
Update git
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.081 Low
EPSS
Percentile
94.4%