Lucene search

Ubuntu.comUB:CVE-2018-19496

HistoryJul 10, 2019 - 12:00 a.m.

CVE-2018-19496

2019-07-1000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 10.x and
11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There
is an incorrect access control vulnerability that permits a user with
insufficient privileges to promote a project milestone to a group
milestone.

References

about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

launchpad.net/bugs/cve/CVE-2018-19496

nvd.nist.gov/vuln/detail/CVE-2018-19496

security-tracker.debian.org/tracker/CVE-2018-19496

www.cve.org/CVERecord?id=CVE-2018-19496

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for UB:CVE-2018-19496