Lucene search

FreeBSDDDD48087-BD86-11E9-B13F-001B217B3468

HistoryAug 12, 2019 - 12:00 a.m.

Gitlab -- Multiple Vulnerabilities

2019-08-1200:00:00

vuxml.freebsd.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.015

Percentile

87.3%

JSON

Gitlab reports:

Insecure Authentication Methods Disabled for Grafana By Default
Multiple Command-Line Flag Injection Vulnerabilities
Insecure Cookie Handling on GitLab Pages

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 12.1.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 12.1.6UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	gitlab-ce	= 12.1.0	UNKNOWN
FreeBSD	any	noarch	gitlab-ce	< 12.1.6	UNKNOWN

References

about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.015

Percentile

87.3%

JSON

Related for DDD48087-BD86-11E9-B13F-001B217B3468