Lucene search
Veracode Vulnerability DatabaseVERACODE:42597HistoryAug 07, 2023 - 2:41 a.m.
Cross-Site Request Forgery (CSRF)
2023-08-0702:41:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site request forgery
gitlab
vulnerability
project takeover
malicious attacker
file upload
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
42.3%
gitlab is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability allows a malicious attacker to gain access and control a project if the owner uploads a file to a malicious project.
Related
debiancve
debiancve
CVE-2022-4138
2023-02-13 23:15:11
prion
prion
Cross site request forgery (csrf)
2023-02-13 23:15:00
osv
osv
BIT-gitlab-2022-4138
2024-03-06 11:13:27
CVE-2022-4138
2023-02-13 23:15:11
cve
cve
CVE-2022-4138
2023-02-13 23:15:11
nvd
nvd
CVE-2022-4138
2023-02-13 23:15:11
openvas
openvas
GitLab < 15.6.7, 15.7.x < 15.7.6, 15.8.x < 15.8.1 CSRF Vulnerability
2023-02-03 00:00:00
nessus
nessus
GitLab 0.0 < 15.6.7 / 15.7 < 15.7.6 / 15.8 < 15.8.1 (CVE-2022-4138)
2023-02-02 00:00:00
FreeBSD : Gitlab -- Multiple Vulnerabilities (ee890be3-a1ec-11ed-a81d-001b217b3468)
2023-02-01 00:00:00
GitLab < 15.6.7 (SECURITY-RELEASE-GITLAB-15-8-1-RELEASED)
2024-01-03 00:00:00
cvelist
cvelist
CVE-2022-4138
2023-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2022-4138
2023-02-13 00:00:00
freebsd
freebsd
Gitlab -- Multiple Vulnerabilities
2023-01-31 00:00:00
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
42.3%
Related for VERACODE:42597