Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDACB4EAB6-3F6D-11EF-8657-001B217B3468
HistoryJul 10, 2024 - 12:00 a.m.

Gitlab -- vulnerabilities

2024-07-1000:00:00
vuxml.freebsd.org
10
gitlab
pipeline job
url change
deploy token
package registry
user banning
subdomain takeover
security document

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

47.8%

JSON

Gitlab reports:

An attacker can run pipeline jobs as an arbitrary user
Developer user with admin_compliance_framework permission can change group URL
Admin push rules custom role allows creation of project level deploy token
Package registry vulnerable to manifest confusion
User with admin_group_member permission can ban group members
Subdomain takeover in GitLab Pages

Related

nessus 6
ubuntucve 6
osv 11
cvelist 5
cve 5
debiancve 6
vulnrichment 5
nvd 5
thn 2
nessus
nessus
FreeBSD : Gitlab -- vulnerabilities (acb4eab6-3f6d-11ef-8657-001b217b3468)
2024-07-11 00:00:00
GitLab 11.8 < 16.11.6 / 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-6595)
2024-07-17 00:00:00
GitLab 15.8 < 16.11.6 / 17.0 < 17.0.4 / 17.1 < 17.1.2 (CVE-2024-6385)
2024-07-11 00:00:00
ubuntucve
ubuntucve
CVE-2024-6595
2024-07-17 00:00:00
CVE-2024-6385
2024-07-11 00:00:00
CVE-2024-5528
2024-07-15 00:00:00
osv
osv
BIT-gitlab-2024-6595
2024-07-19 07:19:00
BIT-gitlab-2024-6385
2024-07-13 07:18:39
CVE-2024-6385
2024-07-11 07:15:06
cvelist
cvelist
CVE-2024-6595 Uncontrolled Search Path Element in GitLab
2024-07-17 01:30:43
CVE-2024-6385 Improper Access Control in GitLab
2024-07-11 06:56:54
CVE-2024-5470 Improper Access Control in GitLab
2024-07-11 06:57:04
cve
cve
CVE-2024-6595
2024-07-17 02:15:10
CVE-2024-6385
2024-07-11 07:15:06
CVE-2024-5470
2024-07-11 07:15:04
debiancve
debiancve
CVE-2024-5528
2024-07-11 07:11:59
CVE-2024-6385
2024-07-11 07:15:06
CVE-2024-6595
2024-07-17 02:15:10
vulnrichment
vulnrichment
CVE-2024-6385 Improper Access Control in GitLab
2024-07-11 06:56:54
CVE-2024-6595 Uncontrolled Search Path Element in GitLab
2024-07-17 01:30:43
CVE-2024-5470 Improper Access Control in GitLab
2024-07-11 06:57:04
nvd
nvd
CVE-2024-6385
2024-07-11 07:15:06
CVE-2024-6595
2024-07-17 02:15:10
CVE-2024-5470
2024-07-11 07:15:04
thn
thn
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
2024-07-11 03:51:00
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
2024-09-12 15:55:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

47.8%

JSON
Related for ACB4EAB6-3F6D-11EF-8657-001B217B3468
nessus6ubuntucve6osv11cvelist5cve5debiancve6vulnrichment5nvd5thn2