CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
48.0%
Gitlab reports:
Execute environment stop actions as the owner of the stop action job
Prevent code injection in Product Analytics funnels YAML
SSRF via Dependency Proxy
Denial of Service via sending a large glm_source parameter
CI_JOB_TOKEN can be used to obtain GitLab session token
Variables from settings are not overwritten by PEP if a template is included
Guests can disclose the full source code of projects using custom group-level templates
IdentitiesController allows linking of arbitrary unclaimed provider identities
Open redirect in repo/tree/:id endpoint can lead to account takeover through broken OAuth flow
Open redirect in release permanent links can lead to account takeover through broken OAuth flow
Guest user with Admin group member permission can edit custom role to gain other permissions
Exposure of protected and masked CI/CD variables by abusing on-demand DAST
Credentials disclosed when repository mirroring fails
Commit information visible through release atom endpoint for guest users
Dependency Proxy Credentials are Logged in Plaintext in graphql Logs
User Application can spoof the redirect url
Group Developers can view group runners information
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
48.0%