Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
GitLab Cross-Site Request Forgery Vulnerability
Vulnerability Description
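GitLab is a self-hosted Git (version control system) project repository application developed with Ruby on Rails by GitLab, Inc. of the United States. It can be used to browse a project's file contents, commit history, bug list, and so on. A cross-site request forgery vulnerability exists in Gitlab CE, caused by insufficient validation of HTTP requests in the platform's GraphQL API. A remote attacker could exploit this vulnerability by luring a user to visit a specially crafted website and then performing arbitrary actions on the platform. The following products and versions are affected: Gitlab CE 13.12.0 through 13.12.3, Gitlab CE 13.12.4, Gitl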
CVSS Information
N/A
Vulnerability Type
N/A