CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
27.4%
Improper neutralization of input in Jira integration configuration in
GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior
to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript
in victim’s browser.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
27.4%