Lucene search

Ubuntu.comUB:CVE-2019-13007

HistoryMar 10, 2020 - 12:00 a.m.

CVE-2019-13007

2020-03-1000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 11.11
through 12.0.2. When an admin enabled one of the service templates, it was
triggering an action that leads to resource depletion. It allows
Uncontrolled Resource Consumption.

Notes

Author	Note
msalvatore	Affects GitLab CE/EE 11.11 and later.

References

about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

launchpad.net/bugs/cve/CVE-2019-13007

nvd.nist.gov/vuln/detail/CVE-2019-13007

security-tracker.debian.org/tracker/CVE-2019-13007

www.cve.org/CVERecord?id=CVE-2019-13007

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

35.0%

JSON

Related for UB:CVE-2019-13007