exploitDog

CVE-2019-11218

Опубликовано: 24 апр. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.

Ссылки

https://bonobogitserver.com/changelog/#version-650
Release Notes
Third Party Advisory
https://flab.cesnet.cz/advisories/cve-2019-11218
Third Party Advisory
https://bonobogitserver.com/changelog/#version-650
Release Notes
Third Party Advisory
https://flab.cesnet.cz/advisories/cve-2019-11218
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bonobogitserver:bonobo_git_server:*:*:*:*:*:*:*:*

Версия до 6.5.0 (исключая)

EPSS

Процентиль: 75%

0.00865

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-8w85-7w79-ghh7

github

больше 3 лет назад

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.

EPSS

Процентиль: 75%

0.00865

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20