7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.081 Low
EPSS
Percentile
94.2%
Gitlab reports:
Path Traversal in NuGet Package Registry
Workhorse Bypass Leads to File Disclosure
OAuth Application Client Secrets Revealed
Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes
Code Owners Protection Not Enforced from Web UI
Repository Mirror Passwords Exposed To Maintainers
Admin Audit Log Page Denial of Service
Private Project ID Revealed Through Group API
Elasticsearch Credentials Logged to ELK
GitHub Personal Access Token Exposed on Integrations Page
Update Nokogiri dependency
Update OpenSSL Dependency
Update git
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.081 Low
EPSS
Percentile
94.2%