WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
SP-WD-1: SCFS, SUDC, (SUVP or SUOE), (NTFY or WDOG), LOGG
SP-WD-1: SCFS, SUDC, (SUVP or SUOE), DJST, (NTFY or WDOG), LOGG
SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, DCTX, DJST, WDOG, JSTY, LOGG, VULH
SP-WD-2: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, WDOG, JSTY, LOGG, VULH
SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, DCTX, (NTFY or WDOG), JSTY, LOGG, VULH
SP-WD-3: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, VULH
SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUOE), CDST, CDTX, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH
SP-WD-4: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUOE), CDST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, VULH
SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-1: (KEVD or KEVA or KEVT or SCAN), SCFS, SSCA, IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-WL-3: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-\*, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, (RSET or INST or DELE), SDRF, VULH
SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, (NTFY or WDOG), JSTY, LOGG, SDRF, VULH
SP-VI-1: (KEVD or KEVA or KEVT or SCAN), SCFS, IMSL or (MSAF-\*, MZRO-\*), SUDC, (SUVP or SUOE), CDST, IDST, DCTX, DJST, (NTFY or WDOG), JSTY, LOGG, SDRF, VULH
SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-3, PDDI-4, SUDC, (SUVP or SUOE), CDST, CDTX, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH
SP-VI-2: KEVD, KEVA, (KEVT or SCAN), SCFS, SSCA, (FZ95 or BTIN or IMSL), IMSL or (MSAF-\*, MZRO-\*), ADEF, DPAH, PDDI-1, PDDI-3, PDDI-4, SUDC, (SUVP or SUOE), CDST, IDST, DCST, DCTX, DJST, NTFY, WDOG, JSTY, LOGG, (RSET or INST or DELE), SDRF, SDTR, VULH
# 6 Conformity Assessment
@@ -1880,21 +1880,35 @@ Mitigations for Impact:
* High to Low: CDST, DJST, LOGG
**[TH-UADT]:** Attacker may use network access to get unauthorized access to confidential data transmitted by the product.
#### C.4.3.5 TH-UADT: Unauthorized access to confidential data transmitted
| Risk factors | Likelihood |
|--------------|------------|
| LIS = 2 | High |
| LIS = 1 | Medium |
| LIS = 0 | Low |
Attacker may use network access to get unauthorized access to confidential data transmitted by the product.
| Risk factors | Impact |
|--------------|--------|
| SDT = 2 | High |
| SDT = 1 | Medium |
| SDT = 0 | Low |
| Risk factors | Likelihood | Security profiles |
|--------------|------------|-------------------|
| LIS = 0 | Low | WD-\*, VI-1, VI-2 |
| LIS = 1 | Medium | WL-1 |
| LIS = 2 | High | WL-2, WL-3 |
| Risk factors | Impact | Security profiles |
|--------------|--------|--------------------|
| SDT = 0 | Low | none |
| SDT = 1 | Medium | WD-\*, WL-\*, VI-1 |
| SDT = 2 | High | VI-2 |
Requirements that mitigate this threat: CDTX, DMIN
Mitigations for Likelihood:
* Medium to Low: CDTX
* High to Low: CDTX
Mitigations for Impact:
* Medium to Low: DJST
Requirements: CDTX, DMIN, LMAS
* High to Low: DJST
**[TH-AVAI]:** Attacker may exploit vulnerabilities in the product to reduce availability of product assets.
