8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
Gitlab reports:
Race condition on gitlab.com enables verified email forgery and third-party account hijacking
DOS and high resource consumption of Prometheus server through abuse of Grafana integration proxy endpoint
Maintainer can leak sentry token by changing the configured URL
Maintainer can leak masked webhook secrets by changing target URL of the webhook
Cross-site scripting in wiki changes page affecting self-hosted instances running without strict CSP
Group access tokens continue to work after owner loses ability to revoke them
Users’ avatar disclosure by user ID in private GitLab instances
Arbitrary Protocol Redirection in GitLab Pages
Regex DoS due to device-detector parsing user agents
Regex DoS in the Submodule Url Parser
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%