Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-5217187E5EB79F3BE0037D8AD2847A31

HistoryJan 28, 2020 - 12:00 a.m.

Inclusion of Functionality from Untrusted Control Sphere

2020-01-2800:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.0%

JSON

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface.

Affected configurations

Vulners

Node

gogitlab-shellRange<1.7.8

References

nvd.nist.gov/vuln/detail/CVE-2013-4582

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

53.0%

JSON

Related for GITLAB-5217187E5EB79F3BE0037D8AD2847A31