CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
AI Score
Confidence: Low
EPSS
Percentile: 29.4%
GitLab reports:
Disclosure of CI/CD variables using Custom project templates
GitLab omnibus DoS crash via OOM with CI Catalogs
Parsing gitlab-ci.yml with large string via timeout input leads to Denial of Service
DoS - Blocking FIFO files in Tar archives
Titles exposed by service-desk template
Approval on protected environments can be bypassed
Version information disclosure when super_sidebar_logged_out feature flag is enabled
Add abuse detection for search syntax filter pipes