Lucene search
K

4 matches found

CVE
CVE
added 2023/09/29 6:2 a.m.242 views

CVE-2023-3906

CVE-2023-3906 describes an input validation issue in GitLab Enterprise Edition’s asset proxy that allows an authenticated attacker to craft image URLs to bypass the asset proxy. Affected versions are 12.3–16.2.7, 16.3.x before 16.3.5, and 16.4.x before 16.4.1. The vulnerability is active in GitLa...

3.5CVSS3.8AI score0.00483EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/29 6:2 a.m.13 views

CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy...

3.5CVSS3.4AI score0.00483EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/29 6:2 a.m.25 views

CVE-2023-3906 Improper Validation of Specified Type of Input in GitLab

An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy...

3.5CVSS4.3AI score0.00483EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.30 views

GitLab 12.3 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3906)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft...

3.5CVSS5.3AI score0.00483EPSS
Exploits0References4
Rows per page
Query Builder