Lucene search

Ubuntu.comUB:CVE-2019-7176

HistorySep 09, 2019 - 12:00 a.m.

CVE-2019-7176

2019-09-0900:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

46.4%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 8.x
(starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7,
and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are
able to add reaction emojis on comments to which they have no visibility.

Notes

Author	Note
msalvatore	Affects GitLab 8.9 and later.

References

about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/

launchpad.net/bugs/cve/CVE-2019-7176

nvd.nist.gov/vuln/detail/CVE-2019-7176

security-tracker.debian.org/tracker/CVE-2019-7176

www.cve.org/CVERecord?id=CVE-2019-7176

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

46.4%

JSON

Related for UB:CVE-2019-7176