Veracode Vulnerability DatabaseVERACODE:42220Information Disclosure
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
44.6%
gitlab is vulnerable to Information Disclosure. This vulnerability occurs when GitLab parses a specially crafted URL that contains a directory traversal sequence. If the URL is valid, GitLab will allow the user to access files outside of the intended directory. This can be exploited by an attacker to read sensitive files, such as passwords or configuration files.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
44.6%