Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-39906

HistoryNov 05, 2021 - 12:15 a.m.

CVE-2021-39906

2021-11-0500:15:10

Debian Security Bug Tracker

security-tracker.debian.org

cve-2021-39906

gitlab ce

gitlab ee

validation

ipynb files

javascript code execution

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

42.0%

JSON

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim’s behalf.

OSVersionArchitecturePackageVersionFilename
Debian999allgitlab< 15.10.8+ds1-2gitlab_15.10.8+ds1-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	gitlab	< 15.10.8+ds1-2	gitlab_15.10.8+ds1-2_all.deb

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

42.0%

JSON

Related for DEBIANCVE:CVE-2021-39906