CVE-2024-6356

high

Description

GitLab reports:

- Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access
- Cross project access of Security policy bot
- Advanced search ReDoS in highlight for code results
- Denial of Service via banzai pipeline
- Denial of service using adoc files
- ReDoS in RefMatcher when matching branch names using wildcards
- Path encoding can cause the Web interface to not render diffs correctly
- XSS while viewing raw XHTML files through API
- Ambiguous tag name exploitation
- Logs disclosing potentially sensitive data in query params
- Password bypass on approvals using policy projects
- ReDoS when parsing git push
- Webhook deletion audit log can preserve auth credentials

Details

Source: Mitre, NVD

Published: 2024-08-07

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Severity: High