Veracode Vulnerability Database
VERACODE:45194
Jan 29, 2024 - 5:37 p.m.

Improper Access Control

2024-01-29 17:37:25
sca.analysiscenter.veracode.com
gitlab ee
improper access control
vulnerability
approval bypass

CVSS3: 7.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

AI Score: 6.4 Medium (Confidence: Low)

EPSS: 0.0005 Low (Percentile: 17.0%)

GitLab EE is vulnerable to improper access control. The vulnerability is caused by a flaw in the authorization check when approving a previously approved merge request. This flaw can be exploited to bypass CODEOWNERS approval by adding changes to a previously approved merge request.
