CVE-2017-0923

Опубликовано: 21 мар. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

Ссылки

https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
Vendor Advisory
https://hackerone.com/reports/293740
Permissions Required
https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
Vendor Advisory
https://hackerone.com/reports/293740
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:enterprise:*:*:*

cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:enterprise:*:*:*

cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:enterprise:*:*:*

cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 24%

0.00076

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-0923

CVSS3: 6.1

ubuntu

около 7 лет назад

Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

CVE-2017-0923

CVSS3: 6.1

debian

около 7 лет назад

Gitlab Community Edition version 9.1 is vulnerable to lack of input va ...

GHSA-4qc4-p4r5-q24g

CVSS3: 6.1

github

около 3 лет назад

Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

EPSS

Процентиль: 24%

0.00076

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79