N/A

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

N/A

GitLab 安全漏洞

GitLab是美国GitLab公司的一个开源的端到端软件开发平台，具有内置的版本控制、问题跟踪、代码审查、CI/CD（持续集成和持续交付）等功能。 GitLab CE/EE存在安全漏洞，该漏洞源于恶意维护者可以通过修改集成 URL 来窃取 Datadog 集成的访问令牌，以便将经过身份验证的请求发送到攻击者控制的服务器。

N/A

N/A