Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD61FE903B-BC2E-11EE-B06E-001B217B3468
HistoryJan 25, 2024 - 12:00 a.m.

Gitlab -- vulnerabilities

2024-01-2500:00:00
vuxml.freebsd.org
13
gitlab
vulnerabilities
arbitrary file write
redos
api put requests
public email disclosure
mr assignees
non-members
rss feed

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Gitlab reports:

Arbitrary file write while creating workspace
ReDoS in Cargo.toml blob viewer
Arbitrary API PUT requests via HTML injection in user’s name
Disclosure of the public email in Tags RSS Feed
Non-Member can update MR Assignees of owned MRs

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 16.8.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 16.8.1UNKNOWN

Related

nessus 6
osv 10
ubuntucve 5
prion 5
nvd 5
cve 5
debiancve 5
cvelist 5
veracode 5
thn 1
rapid7blog 1
nessus
nessus
FreeBSD : Gitlab -- vulnerabilities (61fe903b-bc2e-11ee-b06e-001b217b3468)
2024-01-27 00:00:00
GitLab 13.7 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2023-5933)
2024-01-25 00:00:00
GitLab 12.7 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2023-6159)
2024-01-25 00:00:00
osv
osv
CVE-2023-5933
2024-01-26 01:15:08
BIT-gitlab-2023-5933
2024-03-06 10:55:55
BIT-gitlab-2023-6159
2024-03-06 10:54:58
ubuntucve
ubuntucve
CVE-2023-5933
2024-01-26 00:00:00
CVE-2023-6159
2024-01-26 00:00:00
CVE-2024-0456
2024-01-26 00:00:00
prion
prion
Input validation
2024-01-26 01:15:00
Input validation
2024-01-26 02:15:00
Code injection
2024-01-26 01:15:00
nvd
nvd
CVE-2023-5933
2024-01-26 01:15:08
CVE-2024-0402
2024-01-26 01:15:08
CVE-2023-6159
2024-01-26 02:15:07
cve
cve
CVE-2023-5933
2024-01-26 01:15:08
CVE-2023-6159
2024-01-26 02:15:07
CVE-2024-0456
2024-01-26 01:15:09
debiancve
debiancve
CVE-2023-5933
2024-01-26 01:15:08
CVE-2023-6159
2024-01-26 02:15:07
CVE-2023-5612
2024-01-26 02:15:07
cvelist
cvelist
CVE-2023-5933 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab
2024-01-26 01:02:58
CVE-2024-0456 Improper Authorization in GitLab
2024-01-26 01:02:43
CVE-2023-6159 Inefficient Regular Expression Complexity in GitLab
2024-01-26 02:02:29
veracode
veracode
Cross-site Scripting
2024-02-01 19:48:04
Regular Expression Denial Of Service (ReDoS)
2024-02-02 17:58:45
Improper Authorization
2024-02-02 15:26:17
thn
thn
URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
2024-01-30 16:18:00
rapid7blog
rapid7blog
Metasploit Wrap-Up 03/08/2024
2024-03-08 17:00:00

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON
Related for 61FE903B-BC2E-11EE-B06E-001B217B3468
nessus6osv10ubuntucve5prion5nvd5cve5debiancve5cvelist5veracode5thn1rapid7blog1