exploitDog

CVE-2019-11549

Опубликовано: 09 сент. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.

Ссылки

https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/57779
Exploit
Vendor Advisory
https://about.gitlab.com/2019/04/29/security-release-gitlab-11-dot-10-dot-2-released/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/57779
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 9.0.0 (включая) до 9.3.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 9.0.0 (включая) до 9.3.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 10.0.0 (включая) до 10.8.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 10.0.0 (включая) до 10.8.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.0.0 (включая) до 11.8.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.0.0 (включая) до 11.8.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.9.0 (включая) до 11.9.10 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.9.0 (включая) до 11.9.10 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.10.0 (включая) до 11.10.2 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.10.0 (включая) до 11.10.2 (исключая)

EPSS

Процентиль: 39%

0.00167

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

CVE-2019-11549

CVSS3: 6.5

ubuntu

почти 6 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.

CVE-2019-11549

CVSS3: 6.5

debian

почти 6 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 9.x ...

GHSA-q3qh-rxpm-hmc7

github

около 3 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.

EPSS

Процентиль: 39%

0.00167

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-532