Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44864
HistoryDec 27, 2023 - 3:05 a.m.

Improper Access Control

2023-12-2703:05:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
gitlab
access control
vulnerability
permission validation
authorization check
unauthorized user

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.1%

gitlab:sid is vulnerable of improper access control. The vulnerability due to improper permission validation and fails to authorization check. It leads to allow an attacker to edit labels description by an unauthorized user.

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.1%