Lucene search

Ubuntu.comUB:CVE-2019-15723

HistorySep 16, 2019 - 12:00 a.m.

CVE-2019-15723

2019-09-1600:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x
and 11.10.x before 11.10.1. Merge requests created by email could be used
to bypass push rules in certain situations.

Notes

Author	Note
msalvatore	Affects GitLab CE/EE versions 11.9.4-11.10.0. Please note that this was already fixed in 11.10.1

References

about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

launchpad.net/bugs/cve/CVE-2019-15723

nvd.nist.gov/vuln/detail/CVE-2019-15723

security-tracker.debian.org/tracker/CVE-2019-15723

www.cve.org/CVERecord?id=CVE-2019-15723

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON

Related for UB:CVE-2019-15723