exploitDog

CVE-2019-7176

Опубликовано: 09 сент. 2019

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.

Ссылки

https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/51332
Exploit
Vendor Advisory
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/51332
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 8.9.0 (включая) до 8.17.8 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 8.9.0 (включая) до 8.17.8 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 9.0.0 (включая) до 9.5.10 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 9.0.0 (включая) до 9.5.10 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 10.0.0 (включая) до 10.8.6 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 10.0.0 (включая) до 10.8.6 (включая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.0.0 (включая) до 11.5.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.0.0 (включая) до 11.5.9 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.6.0 (включая) до 11.6.7 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.6.0 (включая) до 11.6.7 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.7.0 (включая) до 11.7.2 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.7.0 (включая) до 11.7.2 (исключая)

EPSS

Процентиль: 33%

0.00131

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-7176

CVSS3: 3.7

ubuntu

больше 6 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.

CVE-2019-7176

CVSS3: 3.7

debian

больше 6 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 8.x ...

GHSA-7hvx-c862-6p8m

github

больше 3 лет назад

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.

EPSS

Процентиль: 33%

0.00131

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo