Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GitLab ‘helpers.rb’未授权API访问漏洞
Vulnerability Description
GitLab是一套利用Ruby on Rails开发的开源应用程序,可实现一个自托管的Git(版本控制系统)项目仓库,它拥有与Github类似的功能,可查阅项目的文件内容、提交历史、Bug列表等。 GitLab 5.4.1及之前的版本,Community Edition 6.2.3及之前的版本,Enterprise Edition 6.2.0及之前的版本中存在安全漏洞。当使用MySQL backend时,远程攻击者可通过API调用利用该漏洞冒充任意用户,绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A