Lucene search

Ubuntu.comUB:CVE-2019-13005

HistoryMar 10, 2020 - 12:00 a.m.

CVE-2019-13005

2020-03-1000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.1%

JSON

An issue was discovered in GitLab Enterprise Edition and Community Edition
1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple
authorization issues that disclosed restricted user, group, and repository
metadata to unauthorized users. It has Incorrect Access Control.

Notes

Author	Note
msalvatore	Affects GitLab CE/EE 11.10 and later.

References

about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

launchpad.net/bugs/cve/CVE-2019-13005

nvd.nist.gov/vuln/detail/CVE-2019-13005

security-tracker.debian.org/tracker/CVE-2019-13005

www.cve.org/CVERecord?id=CVE-2019-13005

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.1%

JSON

Related for UB:CVE-2019-13005