Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDB2F4AB91-0E6B-11E9-8700-001B217B3468
HistoryDec 31, 2018 - 12:00 a.m.

Gitlab -- Multiple vulnerabilities

2018-12-3100:00:00
vuxml.freebsd.org
10

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

59.9%

JSON

Gitlab reports:

Source code disclosure merge request diff
Todos improper access control
URL rel attribute not set
Persistent XSS Autocompletion
SSRF repository mirroring
CI job token LFS error message disclosure
Secret CI variable exposure
Guest user CI job disclosure
Persistent XSS label reference
Persistent XSS wiki in IE browser
SSRF in project imports with LFS
Improper access control CI/CD settings
Missing authorization control merge requests
Improper access control branches and tags
Missing authentication for Prometheus alert endpoint

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 11.6.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 11.6.1UNKNOWN

Related

nessus 1
ubuntucve 15
nvd 15
debiancve 15
osv 15
prion 15
cvelist 15
cve 15
symantec 1
nessus
nessus
FreeBSD : Gitlab -- Multiple vulnerabilities (b2f4ab91-0e6b-11e9-8700-001b217b3468)
2019-01-07 00:00:00
ubuntucve
ubuntucve
CVE-2018-20501
2019-12-30 00:00:00
CVE-2018-20498
2019-12-30 00:00:00
CVE-2018-20488
2019-12-30 00:00:00
nvd
nvd
CVE-2018-20489
2019-12-30 22:15:11
CVE-2018-20494
2019-12-30 22:15:11
CVE-2018-20490
2019-12-30 22:15:11
debiancve
debiancve
CVE-2018-20500
2019-05-17 16:29:00
CVE-2018-20488
2019-12-30 22:15:11
CVE-2018-20501
2019-12-30 22:15:12
osv
osv
CVE-2018-20490
2019-12-30 22:15:11
CVE-2018-20488
2019-12-30 22:15:11
CVE-2018-20494
2019-12-30 22:15:11
prion
prion
Cross site scripting
2019-12-30 22:15:00
Information disclosure
2019-12-30 22:15:00
Improper access control
2019-12-30 22:15:00
cvelist
cvelist
CVE-2018-20496
2019-12-30 21:24:28
CVE-2018-20501
2019-12-30 21:24:28
CVE-2018-20488
2019-12-30 21:24:28
cve
cve
CVE-2018-20507
2019-12-30 22:15:12
CVE-2018-20497
2019-12-30 22:15:12
CVE-2018-20495
2019-12-30 22:15:11
symantec
symantec
GitLab CVE-2018-20492 Access Bypass Vulnerability
2019-12-26 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

59.9%

JSON
Related for B2F4AB91-0E6B-11E9-8700-001B217B3468
nessus1ubuntucve15nvd15debiancve15osv15prion15cvelist15cve15symantec1