Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authorization Bypass Through User-Controlled Key in GitLab
Vulnerability Description
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
GitLab 安全漏洞
Vulnerability Description
GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab存在安全漏洞,该漏洞源于存在一个权限检查漏洞,允许LFS令牌读取和写入用户拥有的存储库。以下版本受到影响:8.12到17.0.6之前版本、17.1到17.1.4之前版本、17.2到17.2.2之前版本。
CVSS Information
N/A
Vulnerability Type
N/A