CVE-2018-12605

Опубликовано: 03 авг. 2018

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 3.5

CVSS3: 5.4

Описание

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	DNE
precise/esm	DNE
trusty	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 20%

0.00064

Низкий

3.5 Low

CVSS2

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2018-12605

CVSS3: 5.4

nvd

почти 7 лет назад

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

CVE-2018-12605

CVSS3: 5.4

debian

почти 7 лет назад

An issue was discovered in GitLab Community Edition and Enterprise Edi ...

GHSA-2cf2-299c-gg46

CVSS3: 5.4

github

около 3 лет назад

An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.

EPSS

Процентиль: 20%

0.00064

Низкий

3.5 Low

CVSS2

5.4 Medium

CVSS3

CVE-2018-12605

Описание

Пакет gitlab

Ссылки на источники

Связанные уязвимости