CVSS3 : 7.5 High
  Attack Vector        : NETWORK
  Attack Complexity    : LOW
  Privileges Required  : NONE
  User Interaction     : NONE
  Scope                : UNCHANGED
  Confidentiality Impact : NONE
  Integrity Impact     : HIGH
  Availability Impact  : NONE
  Vector               : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS2 : 5 Medium
  Access Vector        : NETWORK
  Access Complexity    : LOW
  Authentication       : NONE
  Confidentiality Impact : NONE
  Integrity Impact     : PARTIAL
  Availability Impact  : NONE
  Vector               : AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS : 0.001 Low (Percentile 49.7%)
Severity: Medium
Date : 2018-07-04
CVE-ID : CVE-2018-3740 CVE-2018-12606 CVE-2018-12607
Package : gitlab
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-726
Summary : The package gitlab before version 11.0.1-1 is vulnerable to multiple
issues including cross-site scripting and insufficient validation.
Resolution : Upgrade to 11.0.1-1.
The problems have been fixed upstream in version 11.0.1.
Workaround : None.
Description :
- CVE-2018-3740: A specially crafted HTML fragment can cause the Sanitize gem
  for Ruby to allow non-whitelisted attributes to be used on a whitelisted
  HTML element.
- CVE-2018-12606: The wiki contains a persistent XSS issue due to a lack of
  output encoding affecting a specific markdown feature.
- CVE-2018-12607: The charts feature contained a persistent XSS issue due to
  a lack of output encoding.
Impact : An attacker is able to use a GitLab server to execute malicious
JavaScript code on its users via a crafted HTML chart or specific markdown
features.
References :
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
https://security.archlinux.org/CVE-2018-3740
https://security.archlinux.org/CVE-2018-12606
https://security.archlinux.org/CVE-2018-12607
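Both persistent XSS issues in the advisory are described as a "lack of output encoding": a user-controlled string (a markdown fragment, a chart label) written into the page without being HTML-encoded first. The Ruby snippet below is an added illustration of that defect class and its fix; it is not code from the advisory, from GitLab or from the Sanitize gem. The chart label, the two `render_label_*` functions and the `only_expected_tags?` regression check are all constructed for this example, and the injected label is a generic HTML fragment, not the payload from any of the listed CVEs.

```ruby
require "erb"

# Constructed sample input (not from the advisory): a user-supplied chart
# label carrying an HTML fragment of the kind a persistent XSS relies on.
UNTRUSTED_LABEL = %q{Revenue <img src=x onerror="alert(1)">}

# Vulnerable rendering (hypothetical): the label is interpolated verbatim,
# both as element content and as an attribute value. This is the
# "lack of output encoding" pattern the advisory describes.
def render_label_unescaped(label)
  %(<span class="chart-label" title="#{label}">#{label}</span>)
end

# Hardened rendering (hypothetical): every untrusted value is HTML-encoded
# at the point it is written into the document. ERB::Util.html_escape
# encodes &, <, >, " and ', which covers element content and quoted
# attribute values; it is not sufficient for JavaScript or URL contexts.
def render_label_escaped(label)
  safe = ERB::Util.html_escape(label)
  %(<span class="chart-label" title="#{safe}">#{safe}</span>)
end

# Regression check a test suite can run over rendered markup: after removing
# the tags the template itself emits, no '<' may remain, so any tag that
# originated in user input is caught.
EXPECTED_TAGS = ['<span class="chart-label"', "</span>"].freeze

def only_expected_tags?(html)
  stripped = EXPECTED_TAGS.reduce(html) { |acc, tag| acc.gsub(tag, "") }
  !stripped.include?("<")
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{render_label_unescaped(UNTRUSTED_LABEL)}"
  puts "escaped:   #{render_label_escaped(UNTRUSTED_LABEL)}"
  puts "unescaped passes check? #{only_expected_tags?(render_label_unescaped(UNTRUSTED_LABEL))}"
  puts "escaped passes check?   #{only_expected_tags?(render_label_escaped(UNTRUSTED_LABEL))}"
end
```

The check deliberately works on the final rendered string rather than on the input: output encoding is a property of where a value lands in the document, so the test has to look at the markup the browser would actually receive. A sanitizer such as the Sanitize gem addresses a different step (deciding which user-authored HTML is allowed at all), which is why CVE-2018-3740 is listed separately from the two encoding issues.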