Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDF7C5B3A9-B9FB-11ED-99C6-001B217B3468
HistoryMar 02, 2023 - 12:00 a.m.

Gitlab -- Multiple Vulnerabilities

2023-03-0200:00:00
vuxml.freebsd.org
19
stored xss
integration leakage
token validation
api key exposure
xss vulnerability
user rights
release visibility
integration exposure
pagination limits
open redirect
project ownership

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON

Gitlab reports:

Stored XSS via Kroki diagram
Prometheus integration Google IAP details are not hidden, may leak account details from instance/group/project settings
Improper validation of SSO and SCIM tokens while managing groups
Maintainer can leak Datadog API key by changing Datadog site
Clipboard based XSS in the title field of work items
Improper user right checks for personal snippets
Release Description visible in public projects despite release set as project members only
Group integration settings sensitive information exposed to project maintainers
Improve pagination limits for commits
Gitlab Open Redirect Vulnerability
Maintainer may become an Owner of a project

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 15.9.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 15.9.2UNKNOWN

Related

nessus 13
cve 11
prion 11
osv 22
veracode 10
ubuntucve 10
debiancve 11
cvelist 11
nvd 11
nessus
nessus
GitLab < 15.7.8 (SECURITY-RELEASE-GITLAB-15-9-2-RELEASED)
2024-01-03 00:00:00
FreeBSD : Gitlab -- Multiple Vulnerabilities (f7c5b3a9-b9fb-11ed-99c6-001b217b3468)
2023-03-03 00:00:00
GitLab 15.3 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2022-4007)
2023-03-03 00:00:00
cve
cve
CVE-2022-4007
2023-03-08 23:15:10
CVE-2022-4462
2023-03-09 20:15:09
CVE-2022-4331
2023-03-09 22:15:51
prion
prion
Cross site scripting
2023-03-08 23:15:00
Code injection
2023-03-09 20:15:00
Design/Logic Flaw
2023-03-09 21:15:00
osv
osv
CVE-2022-4007
2023-03-08 23:15:10
BIT-gitlab-2022-4007
2024-03-06 11:13:38
BIT-gitlab-2022-4462
2024-03-06 11:12:50
veracode
veracode
Cross-site Scripting (XSS)
2023-08-07 02:25:51
Information Disclosure
2023-08-07 00:51:28
Authorization Bypass
2023-07-22 21:31:47
ubuntucve
ubuntucve
CVE-2022-4007
2023-03-08 00:00:00
CVE-2022-4462
2023-03-09 00:00:00
CVE-2022-3758
2023-03-09 00:00:00
debiancve
debiancve
CVE-2022-4007
2023-03-08 23:15:10
CVE-2022-3381
2023-03-09 21:15:10
CVE-2022-3758
2023-03-09 23:15:10
cvelist
cvelist
CVE-2022-4007
2023-03-08 00:00:00
CVE-2022-4331
2023-03-09 00:00:00
CVE-2022-3381
2023-03-09 00:00:00
nvd
nvd
CVE-2022-4007
2023-03-08 23:15:10
CVE-2022-4331
2023-03-09 22:15:51
CVE-2022-3381
2023-03-09 21:15:10

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

57.4%

JSON
Related for F7C5B3A9-B9FB-11ED-99C6-001B217B3468
nessus13cve11prion11osv22veracode10ubuntucve10debiancve11cvelist11nvd11