exploitDog

CVE-2019-6960

Опубликовано: 09 сент. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

Ссылки

https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/54357
Exploit
Issue Tracking
Third Party Advisory
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/54357
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 9.3.0 (включая) до 9.3.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 9.3.0 (включая) до 9.3.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 10.0.0 (включая) до 10.8.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 10.0.0 (включая) до 10.8.7 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.0.0 (включая) до 11.5.8 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.0.0 (включая) до 11.5.8 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.6.0 (включая) до 11.6.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.6.0 (включая) до 11.6.6 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.7.0 (включая) до 11.7.1 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.7.0 (включая) до 11.7.1 (исключая)

EPSS

Процентиль: 72%

0.00718

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-6960

CVSS3: 9.8

ubuntu

больше 6 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

CVE-2019-6960

CVSS3: 9.8

debian

больше 6 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 9.x ...

GHSA-f3mf-g3hh-m9vw

github

больше 3 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

EPSS

Процентиль: 72%

0.00718

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo