Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect Authorization in GitLab
Vulnerability Description
An issue has been discovered in GitLab EE Premium and Ultimate affecting versions 16.4.3, 16.5.3, and 16.6.1. In projects using subgroups to define who can push and/or merge to protected branches, there may have been instances in which subgroup members with the Developer role were able to push or merge to protected branches.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
GitLab Enterprise Edition 安全漏洞
Vulnerability Description
GitLab Enterprise Edition(EE)是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition Premium、Ultimate 16.4.3、16.5.3 和 16.6.1版本存在安全漏洞,该漏洞源于在使用子组定义谁可以推送或合并到受保护分支的项目中,可能存在具有开发人员角色的子组成员能够推送或合并到受保护分支的情况。
CVSS Information
N/A
Vulnerability Type
N/A