Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD467B7CBE-257D-11E9-8573-001B217B3468
HistoryJan 31, 2019 - 12:00 a.m.

Gitlab -- Multiple vulnerabilities

2019-01-3100:00:00
vuxml.freebsd.org
36

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.1%

JSON

Gitlab reports:

Remote Command Execution via GitLab Pages
Covert Redirect to Steal GitHub/Bitbucket Tokens
Remote Mirror Branches Leaked by Git Transfer Refs
Denial of Service with Markdown
Guests Can View List of Group Merge Requests
Guest Can View Merge Request Titles via System Notes
Persistent XSS via KaTeX
Emails Sent to Unauthorized Users
Hyperlink Injection in Notification Emails
Unauthorized Access to LFS Objects
Trigger Token Exposure
Upgrade Rails to 5.0.7.1 and 4.2.11
Contributed Project Information Visible in Private Profile
Imported Project Retains Prior Visibility Setting
Error disclosure on Project Import
Persistent XSS in User Status
Last Commit Status Leaked to Guest Users
Mitigations for IDN Homograph and RTLO Attacks
Access to Internal Wiki When External Wiki Enabled
User Can Comment on Locked Project Issues
Unauthorized Reaction Emojis by Guest Users
User Retains Project Role After Removal from Private Group
GitHub Token Leaked to Maintainers
Unauthenticated Blind SSRF in Jira Integration
Unauthorized Access to Group Membership
Validate SAML Response in Group SAML SSO

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 11.7.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 11.7.3UNKNOWN

Related

nessus 8
ubuntucve 24
prion 24
debiancve 24
openvas 3
redhatcve 1
cve 24
redhat 1
osv 25
cvelist 24
nvd 24
gitlab 1
suse 1
fedora 2
freebsd 2
veracode 1
github 1
rubygems 1
nessus
nessus
FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)
2019-02-01 00:00:00
Fedora 28 : rubygem-activejob (2019-31e6f6e545)
2019-02-26 00:00:00
openSUSE Security Update : rubygem-activejob-5_1 (openSUSE-2018-1502)
2018-12-10 00:00:00
ubuntucve
ubuntucve
CVE-2018-16476
2018-11-30 00:00:00
CVE-2019-6783
2019-09-09 00:00:00
CVE-2019-6781
2019-05-17 00:00:00
prion
prion
Improper access control
2018-11-30 19:29:00
Information disclosure
2019-09-09 20:15:00
Input validation
2019-05-17 16:29:00
debiancve
debiancve
CVE-2018-16476
2018-11-30 19:29:00
CVE-2019-6783
2019-09-09 20:15:11
CVE-2019-6782
2019-09-09 20:15:11
openvas
openvas
Fedora Update for rubygem-activejob FEDORA-2019-31e6f6e545
2019-02-26 00:00:00
Fedora Update for rubygem-activejob FEDORA-2019-d0af506401
2019-05-07 00:00:00
openSUSE: Security Advisory for rubygem-activejob-5_1 (openSUSE-SU-2018:4041-1)
2018-12-10 00:00:00
redhatcve
redhatcve
CVE-2018-16476
2019-10-06 08:53:41
cve
cve
CVE-2018-16476
2018-11-30 19:29:00
CVE-2019-6783
2019-09-09 20:15:11
CVE-2019-6782
2019-09-09 20:15:11
redhat
redhat
(RHSA-2019:0600) Moderate: CloudForms 4.6.9 security, bug fix and enhancement update
2019-03-19 07:19:44
osv
osv
Improper Access Control in activejob
2018-12-05 17:24:27
CVE-2018-16476
2018-11-30 19:29:00
CVE-2019-6788
2019-09-09 20:15:11
cvelist
cvelist
CVE-2018-16476
2018-11-30 19:00:00
CVE-2019-6783
2019-09-09 19:19:45
CVE-2019-6782
2019-09-09 19:17:09
nvd
nvd
CVE-2018-16476
2018-11-30 19:29:00
CVE-2019-6781
2019-05-17 16:29:05
CVE-2019-6784
2019-09-09 20:15:11
gitlab
gitlab
Deserialization of Untrusted Data
2018-11-30 00:00:00
suse
suse
Security update for rubygem-activejob-5_1 (low)
2018-12-08 00:21:00
fedora
fedora
[SECURITY] Fedora 28 Update: rubygem-activejob-5.1.5-2.fc28
2019-02-26 01:30:42
[SECURITY] Fedora 29 Update: rubygem-activejob-5.2.1-2.fc29
2019-02-26 03:07:17
freebsd
freebsd
Rails -- Active Job vulnerability
2018-11-27 00:00:00
Gitlab -- Multiple vulnerabilities
2019-02-05 00:00:00
veracode
veracode
Information Disclosure
2018-11-28 02:22:01
github
github
Improper Access Control in activejob
2018-12-05 17:24:27
rubygems
rubygems
Broken Access Control vulnerability in Active Job
2018-11-26 21:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.1%

JSON
Related for 467B7CBE-257D-11E9-8573-001B217B3468
nessus8ubuntucve24prion24debiancve24openvas3redhatcve1cve24redhat1osv25cvelist24nvd24gitlab1suse1fedora2freebsd2veracode1github1rubygems1