Gitlab -- vulnerabilities

2024-08-2100:00:00

vuxml.freebsd.org

gitlab

web interface

dos

prompt injection

unauthorized actions

graphql

ip restrictions

source code

releases

github

repository

arbitrary command execution

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

30.4%

JSON

Gitlab reports:

The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases
Denial of Service by importing maliciously crafted GitHub repository
Prompt injection in “Resolve Vulnerabilty” results in arbitrary command execution in victim’s pipeline
An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 17.3.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 17.3.1UNKNOWN
FreeBSDanynoarchgitlab-ee= 17.3.0UNKNOWN
FreeBSDanynoarchgitlab-ee< 17.3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	gitlab-ce	= 17.3.0	UNKNOWN
FreeBSD	any	noarch	gitlab-ce	< 17.3.1	UNKNOWN
FreeBSD	any	noarch	gitlab-ee	= 17.3.0	UNKNOWN
FreeBSD	any	noarch	gitlab-ee	< 17.3.1	UNKNOWN