CVSS3 Score: 8 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
AI Score: 6 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 10.4%)
GitLab reports:
1-click account takeover via XSS in the code editor in gitlab.com
A DoS vulnerability in the ‘description’ field of the runner
CSRF via K8s cluster integration
Using the Set Pipeline Status of a Commit API incorrectly creates a new pipeline when the SHA and pipeline_id do not match
ReDoS in the wiki render API/page
Resource exhaustion and denial of service with test_report API calls
Guest user can view dependency lists of private projects through job artifacts
Stored XSS via PDF.js