CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score
Confidence: Low

An issue has been discovered in GitLab EE affecting all versions starting
from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all
versions starting from 17.3 before 17.3.1. Under certain conditions it may
be possible to bypass the IP restriction for groups through GraphQL
allowing unauthorised users to perform some actions at the group level.
Author | Note |
---|---|
mdeslaur | GitLab isn’t maintainable as a distro package, and was removed from Ubuntu because of this. We will not be fixing security issues in the gitlab package in Xenial. |