CVE-2019-10115

Опубликовано: 16 мая 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.

Ссылки

https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/blog/categories/releases/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/56402
Exploit
Vendor Advisory
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
Release Notes
Vendor Advisory
https://about.gitlab.com/blog/categories/releases/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/56402
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия до 11.7.8 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия до 11.7.8 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.8.0 (включая) до 11.8.4 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.8.0 (включая) до 11.8.4 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.9.0 (включая) до 11.9.2 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.9.0 (включая) до 11.9.2 (исключая)

EPSS

Процентиль: 39%

0.00174

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

CVE-2019-10115

CVSS3: 6.5

ubuntu

около 6 лет назад

CVE-2019-10115

CVSS3: 6.5

debian

около 6 лет назад

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab ...

GHSA-mhvv-m4rg-2pmj

github

около 3 лет назад

EPSS

Процентиль: 39%

0.00174

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-732