Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
N/A
Vulnerability Title
GitLab 跨站脚本漏洞
Vulnerability Description
GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab Enterprise Edition 和 Gitlab Community Edition 存在跨站脚本漏洞,该漏洞源于受影响的应用程序不禁用与敏感信息相关的字段的自动完成属性。远程管理员可以在未经授权的情况下访问系统上的敏感信息。该漏洞允许远程用户访问潜在的敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A