Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to potential elevated privileges in groups and projects under rare circumstances
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
GitLab 权限许可和访问控制问题漏洞
Vulnerability Description
GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab CE/EE 存在权限许可和访问控制问题漏洞,该漏洞源于在GitLab CE/EE的14.3.6,14.4.4之前的所有版本,14.4.4之前的所有版本从 14.5 到 14.5.2中存在访问记忆逻辑的冲突。攻击者可利用该漏洞导致潜在的群组特权提升和在极少数情况下的项目。
CVSS Information
N/A
Vulnerability Type
N/A