Lucene search
Veracode Vulnerability DatabaseVERACODE:42161HistoryAug 06, 2023 - 5:37 a.m.
Authorization Bypass
2023-08-0605:37:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
gitlab
authorization bypass
vulnerability
branch/tag confusion
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
35.1%
gitlab is vulnerable to Authorization Bypasses. A branch/tag name confusion allows an attacker to manipulate pages where the content of the default branch would be expected.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gitlab:sid | eq | 13.4.7-2 | |
| gitlab:sid | eq | 13.3.9-1 | |
| gitlab:sid | eq | 13.4.7-2 | |
| gitlab:sid | eq | 13.3.9-1 |
Related
osv
osv
BIT-gitlab-2022-3288
2024-03-06 11:14:26
CVE-2022-3288
2022-10-17 16:15:22
debiancve
debiancve
CVE-2022-3288
2022-10-17 16:15:22
nessus
nessus
GitLab < 15.2.5 (CVE-2022-3288)
2022-10-14 00:00:00
cvelist
cvelist
CVE-2022-3288
2022-10-17 00:00:00
nvd
nvd
CVE-2022-3288
2022-10-17 16:15:22
ubuntucve
ubuntucve
CVE-2022-3288
2022-10-17 00:00:00
cve
cve
CVE-2022-3288
2022-10-17 16:15:22
prion
prion
Design/Logic Flaw
2022-10-17 16:15:00
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2022-09-29 00:00:00
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
35.1%
Related for VERACODE:42161