VDB

GCVE-110-NCSC-2024-329

GCVE-110-NCSC-2024-329
Advisory PublishedCVSS 6.8/10
Vulnetix · Advisory published August 12, 2024
GitLab heeft kwetsbaarheden verholpen in GitLab Community Edition (CE) en Enterprise Edition (EE).

Weaknesses (CWE)

CWE-400Uncontrolled Resource ConsumptionCWE-639Authorization Bypass Through User-Controlled KeyCWE-94Improper Control of Generation of Code ('Code Injection')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-305Authentication Bypass by Primary WeaknessCWE-116Improper Encoding or Escaping of Output

Risk Scores

CVSS 3.1
6.8/10
Medium · CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
gitlabgitlab

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›