Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD11292460-3F2F-11E9-ADCB-001B217B3468
HistoryMar 04, 2019 - 12:00 a.m.

Gitlab -- Multiple vulnerabilities

2019-03-0400:00:00
vuxml.freebsd.org
22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

73.4%

JSON

Gitlab reports:

Arbitrary file read via MergeRequestDiff
CSRF add Kubernetes cluster integration
Blind SSRF in prometheus integration
Merge request information disclosure
IDOR milestone name information disclosure
Burndown chart information disclosure
Private merge request titles in public project information disclosure
Private namespace disclosure in email notification when issue is moved
Milestone name disclosure
Issue board name disclosure
NPM automatic package referencer
Path traversal snippet mover
Information disclosure repo existence
Issue DoS via Mermaid
Privilege escalation impersonate user

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 11.8.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 11.8.1UNKNOWN

Related

nessus 1
debiancve 17
nvd 17
ubuntucve 17
osv 17
prion 17
cvelist 17
cve 17
hackerone 1
nessus
nessus
FreeBSD : Gitlab -- Multiple vulnerabilities (11292460-3f2f-11e9-adcb-001b217b3468)
2019-03-06 00:00:00
debiancve
debiancve
CVE-2019-9175
2019-04-17 17:29:00
CVE-2019-9174
2019-04-17 17:29:00
CVE-2019-9220
2019-04-17 17:29:01
nvd
nvd
CVE-2019-9175
2019-04-17 17:29:00
CVE-2019-9170
2019-04-17 17:29:00
CVE-2019-9174
2019-04-17 17:29:00
ubuntucve
ubuntucve
CVE-2019-9170
2019-04-17 00:00:00
CVE-2019-9172
2019-04-17 00:00:00
CVE-2019-9176
2019-04-17 00:00:00
osv
osv
CVE-2019-9172
2019-04-17 17:29:00
CVE-2019-9174
2019-04-17 17:29:00
CVE-2019-9170
2019-04-17 17:29:00
prion
prion
Cross site request forgery (csrf)
2019-04-17 17:29:00
Server side request forgery (ssrf)
2019-04-17 17:29:00
Information disclosure
2019-04-17 17:29:00
cvelist
cvelist
CVE-2019-9176
2019-04-17 16:15:05
CVE-2019-9174
2019-04-17 16:17:40
CVE-2019-9171
2019-04-17 16:37:30
cve
cve
CVE-2019-9174
2019-04-17 17:29:00
CVE-2019-9225
2019-04-17 17:29:01
CVE-2019-9485
2019-05-29 17:29:00
hackerone
hackerone
GitLab: Uncontrolled Resource Consumption in any Markdown field using Mermaid
2019-08-09 13:54:02

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.004

Percentile

73.4%

JSON
Related for 11292460-3F2F-11E9-ADCB-001B217B3468
nessus1debiancve17nvd17ubuntucve17osv17prion17cvelist17cve17hackerone1