Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-17449

Опубликовано: 15 апр. 2023
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Версия до 11.1.7 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Версия до 11.1.7 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Версия от 11.2.0 (включая) до 11.2.4 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Версия от 11.2.0 (включая) до 11.2.4 (исключая)
cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 26%
0.00088
Низкий

7.5 High

CVSS3

Дефекты

CWE-639
CWE-639

Связанные уязвимости

ubuntu логотип

CVE-2018-17449

CVSS3: 7.5
ubuntu
около 2 лет назад

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.

debian логотип

CVE-2018-17449

CVSS3: 7.5
debian
около 2 лет назад

An issue was discovered in GitLab Community and Enterprise Edition bef ...

github логотип

GHSA-66cv-679x-3ffv

CVSS3: 7.5
github
около 2 лет назад

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.

EPSS

Процентиль: 26%
0.00088
Низкий

7.5 High

CVSS3

Дефекты

CWE-639
CWE-639