Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDB9591212-DBA7-11E8-9416-001B217B3468
HistoryOct 29, 2018 - 12:00 a.m.

Gitlab -- multiple vulnerabilities

2018-10-2900:00:00
vuxml.freebsd.org
494

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.089

Percentile

94.6%

JSON

Gitlab reports:

RCE in Gitlab Wiki API
SSRF in Hipchat integration
Cleartext storage of personal access tokens
Information exposure through stack trace error message
Persistent XSS autocomplete
Information exposure in stored browser history
Information exposure when replying to issues through email
Persistent XSS in License Management and Security Reports
Metrics information disclosure in Prometheus integration
Unauthorized changes to a protected branch’s access levels

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 11.4.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 11.4.3UNKNOWN

Related

nessus 2
archlinux 1
openvas 6
osv 10
prion 10
ubuntucve 10
cvelist 10
nvd 10
cve 10
debiancve 10
checkpoint_advisories 1
freebsd 1
nessus
nessus
FreeBSD : Gitlab -- multiple vulnerabilities (b9591212-dba7-11e8-9416-001b217b3468)
2018-10-30 00:00:00
FreeBSD : Gitlab -- Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)
2018-11-21 00:00:00
archlinux
archlinux
[ASA-201810-16] gitlab: multiple issues
2018-10-31 00:00:00
openvas
openvas
GitLab 11.2.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 Multiple Vulnerabilities
2022-03-23 00:00:00
GitLab <= 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 Multiple Vulnerabilities
2022-03-28 00:00:00
GitLab 10.4.x - 11.2.6, 11.3.x - 11.3.7, 11.4.x - 11.4.2 XSS Vulnerability
2022-03-25 00:00:00
osv
osv
CVE-2018-18642
2018-12-04 23:29:00
CVE-2018-18644
2018-12-04 23:29:00
CVE-2018-18643
2019-04-25 21:29:00
prion
prion
Authorization
2018-12-04 23:29:00
Remote code execution
2018-11-29 15:29:00
Cross site scripting
2019-04-25 21:29:00
ubuntucve
ubuntucve
CVE-2018-18644
2018-12-04 00:00:00
CVE-2018-18649
2018-11-29 00:00:00
CVE-2018-18645
2018-12-04 00:00:00
cvelist
cvelist
CVE-2018-18642
2018-12-04 23:00:00
CVE-2018-18645
2018-12-04 23:00:00
CVE-2018-18648
2018-12-04 23:00:00
nvd
nvd
CVE-2018-18644
2018-12-04 23:29:00
CVE-2018-18645
2018-12-04 23:29:00
CVE-2018-18642
2018-12-04 23:29:00
cve
cve
CVE-2018-18644
2018-12-04 23:29:00
CVE-2018-18643
2019-04-25 21:29:00
CVE-2018-18641
2018-12-04 23:29:00
debiancve
debiancve
CVE-2018-18646
2018-12-04 23:29:00
CVE-2018-18648
2018-12-04 23:29:00
CVE-2018-18645
2018-12-04 23:29:00
checkpoint_advisories
checkpoint_advisories
GitLab Wiki API Attachments Command Injection (CVE-2018-18649)
2019-02-20 00:00:00
freebsd
freebsd
Gitlab -- Multiple vulnerabilities
2018-11-19 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.089

Percentile

94.6%

JSON
Related for B9591212-DBA7-11E8-9416-001B217B3468
nessus2archlinux1openvas6osv10prion10ubuntucve10cvelist10nvd10cve10debiancve10checkpoint_advisories1freebsd1