CVE-2019-15575

Опубликовано: 18 дек. 2019

Источник: debian

EPSS Низкий

Описание

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	fixed	12.6.8-3		package

Примечания

https://hackerone.com/reports/682442
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/

EPSS

Процентиль: 85%

0.02675

Низкий

Связанные уязвимости

CVE-2019-15575

CVSS3: 7.5

ubuntu

больше 5 лет назад

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.

CVE-2019-15575

CVSS3: 7.5

nvd

больше 5 лет назад

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.

GHSA-55ff-j47x-6xcq

github

около 3 лет назад

A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope.

EPSS

Процентиль: 85%

0.02675

Низкий