Description
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.
Related CPE's
a
gitlab
gitlab
3
References
https://gitlab.com/gitlab-org/gitlab/-/issues/360800
Broken LinkVendor Advisory
https://hackerone.com/reports/1538068
Permissions RequiredThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-08-05T16:15:12.200
2 years agoLast modified
2022-08-11T15:17:24.963
2 years ago