CVE-2019-7353

Опубликовано: 17 мая 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.

Ссылки

https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/56568
https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
Release Notes
Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/56568

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 11.7.0 (включая) до 11.7.4 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 11.7.0 (включая) до 11.7.4 (исключая)

EPSS

Процентиль: 35%

0.00142

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2019-7353

CVSS3: 9.1

ubuntu

больше 6 лет назад

CVE-2019-7353

CVSS3: 9.1

debian

больше 6 лет назад

An Incorrect Access Control issue was discovered in GitLab Community a ...

GHSA-fx2p-8vp5-7hx7

github

больше 3 лет назад

EPSS

Процентиль: 35%

0.00142

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-200