Lucene search
Veracode Vulnerability DatabaseVERACODE:41493HistoryJul 22, 2023 - 9:44 p.m.
Remote Code Execution (RCE)
2023-07-2221:44:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
remote code execution
gitlab
openapi
http requests
vulnerability
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.8%
gitlab is vulnerable to Remote Code Execution (RCE). Because OpenAPI documents are not sandboxed, an attacker is able to deceive a user into clicking on the Swagger OpenAPI reader and issuing HTTP requests that harm the victim’s account.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gitlab:sid | eq | 13.4.7-2 | |
| gitlab:sid | eq | 13.3.9-1 | |
| gitlab:sid | eq | 13.4.7-2 | |
| gitlab:sid | eq | 13.3.9-1 |
Related
prion
prion
Design/Logic Flaw
2022-11-10 00:15:00
ubuntucve
ubuntucve
CVE-2022-3726
2022-11-10 00:00:00
osv
osv
BIT-gitlab-2022-3726
2024-03-06 11:13:58
CVE-2022-3726
2022-11-10 00:15:22
nessus
nessus
GitLab 12.6 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3726)
2022-11-08 00:00:00
cve
cve
CVE-2022-3726
2022-11-10 00:15:22
debiancve
debiancve
CVE-2022-3726
2022-11-10 00:15:22
nvd
nvd
CVE-2022-3726
2022-11-10 00:15:22
cvelist
cvelist
CVE-2022-3726
2022-11-09 00:00:00
openvas
openvas
GitLab 12.6 < 15.3.5, 15.4 < 15.4.4, 15.5 < 15.5.2 Multiple Vulnerabilities
2022-11-11 00:00:00
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2022-11-02 00:00:00
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
68.8%
Related for VERACODE:41493