CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score: 7.3 High (Confidence: Low)
EPSS: 0.0004 Low (Percentile: 9.0%)
GitLab reports:
ReDoS in branch search when using wildcards
ReDoS in markdown render pipeline
ReDoS on Discord integrations
ReDoS on Google Chat Integration
Denial of Service Attack via Pin Menu
DoS by filtering tags and branches via the API
MR approval via CSRF in SAML SSO
Banned user from groups can read issues updates via the API
Require confirmation before linking JWT identity
View confidential issues title and description of any public project via export
SSRF via GitHub importer