Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that project, pipelines are active by default on that project. Under specialized conditions, this may lead to information disclosure if the project is imported from an untrusted source.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
GitLab 输入验证错误漏洞
Vulnerability Description
GitLab是美国GitLab公司的一款使用Ruby on Rails开发的、自托管的、Git(版本控制系统)项目仓库应用程序。该程序可用于查阅项目的文件内容、提交历史、Bug列表等。 GitLab Community Edition存在输入验证错误漏洞,该漏洞源于攻击者可以将管道计划设置为在项目导出中处于活动状态,以便在不知情的情况下owner 导入该项目,默认情况下该项目的管道处于活动状态。
CVSS Information
N/A
Vulnerability Type
N/A