Lucene search

Ubuntu.comUB:CVE-2018-14603

HistoryJul 27, 2018 - 12:00 a.m.

CVE-2018-14603

2018-07-2700:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.5%

JSON

An issue was discovered in GitLab Community and Enterprise Edition before
10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in
the Test feature of the System Hooks component.

Notes

Author	Note
msalvatore	Affects GitLab CE/EE 2.7.0pre and later.

References

about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/

launchpad.net/bugs/cve/CVE-2018-14603

nvd.nist.gov/vuln/detail/CVE-2018-14603

security-tracker.debian.org/tracker/CVE-2018-14603

www.cve.org/CVERecord?id=CVE-2018-14603

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.5%

JSON

Related for UB:CVE-2018-14603