Lucene search

Veracode Vulnerability DatabaseVERACODE:42452

HistoryAug 06, 2023 - 9:03 p.m.

Information Disclosure

2023-08-0621:03:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

gitlab

jira

information disclosure

vulnerable

gfm

resources

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

gitlab is vulnerable to Information Disclosure. The vulnerability is due to lack of Jira issue validation, which allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don’t have access to.

CPENameOperatorVersion
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1
gitlab:sideq13.4.7-2
gitlab:sideq13.3.9-1

Name	Operator	Version
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1
gitlab:sid	eq	13.4.7-2
gitlab:sid	eq	13.3.9-1

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2761.json

gitlab.com/gitlab-org/gitlab/-/issues/370458

hackerone.com/reports/1653149

security-tracker.debian.org/tracker/CVE-2022-2761

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

38.5%

JSON

Related for VERACODE:42452