CVE-2018-20500

Опубликовано: 17 мая 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token.

Ссылки

https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/blog/categories/releases/
Release Notes
Vendor Advisory
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/blog/categories/releases/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 9.4.0 (включая) до 11.4.13 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 9.4.0 (включая) до 11.4.13 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.5.0 (включая) до 11.5.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.5.0 (включая) до 11.5.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.6.0 (включая) до 11.6.1 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.6.0 (включая) до 11.6.1 (исключая)

EPSS

Процентиль: 28%

0.00095

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

CVE-2018-20500

CVSS3: 7.5

ubuntu

около 6 лет назад

CVE-2018-20500

CVSS3: 7.5

debian

около 6 лет назад

An insecure permissions issue was discovered in GitLab Community and E ...

GHSA-fp7j-v353-cf72

github

около 3 лет назад

EPSS

Процентиль: 28%

0.00095

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732