Lucene search

Ubuntu.comUB:CVE-2019-13004

HistoryMar 10, 2020 - 12:00 a.m.

CVE-2019-13004

2020-03-1000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

40.9%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 11.10
through 12.0.2. When specific encoded characters were added to comments,
the comments section would become inaccessible. It has Incorrect Access
Control (issue 1 of 2).

Notes

Author	Note
msalvatore	Affects GitLab CE/EE 11.1 and later.

References

about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

launchpad.net/bugs/cve/CVE-2019-13004

nvd.nist.gov/vuln/detail/CVE-2019-13004

security-tracker.debian.org/tracker/CVE-2019-13004

www.cve.org/CVERecord?id=CVE-2019-13004

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS

0.001

Percentile

40.9%

JSON

Related for UB:CVE-2019-13004