Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDC5BD9068-440F-11EA-9CDB-001B217B3468
HistoryJan 30, 2020 - 12:00 a.m.

Gitlab -- Multiple Vulnerabilities

2020-01-3000:00:00
vuxml.freebsd.org
30

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.008 Low

EPSS

Percentile

81.6%

JSON

Gitlab reports:

Path Traversal to Arbitrary File Read
User Permissions Not Validated in ProjectExportWorker
XSS Vulnerability in File API
Package and File Disclosure through GitLab Workhorse
XSS Vulnerability in Create Groups
Issue and Merge Request Activity Counts Exposed
Email Confirmation Bypass Using AP
Disclosure of Forked Private Project Source Code
Private Project Names Exposed in GraphQL queries
Disclosure of Issues and Merge Requests via Todos
Denial of Service via AsciiDoc
Last Pipeline Status Exposed
Arbitrary Change of Pipeline Status
Grafana Token Displayed in Plaintext
Update excon gem
Update rdoc gem
Update rack-cors gem
Update rubyzip gem

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchgitlab-ce= 12.7.0UNKNOWN
FreeBSDanynoarchgitlab-ce< 12.7.4UNKNOWN

Related

nessus 11
suse 2
prion 17
osv 39
ubuntucve 17
cve 17
debian 5
openvas 10
veracode 3
cvelist 17
debiancve 17
nvd 17
github 3
ubuntu 1
ibm 2
fedora 3
redhatcve 1
redhat 1
freebsd 1
nessus
nessus
FreeBSD : Gitlab -- Multiple Vulnerabilities (c5bd9068-440f-11ea-9cdb-001b217b3468)
2020-02-03 00:00:00
Debian DLA-2070-1 : ruby-excon security update
2020-01-21 00:00:00
Debian DLA-2389-1 : ruby-rack-cors security update
2020-10-05 00:00:00
suse
suse
Security update for rubygem-excon (moderate)
2020-01-29 00:00:00
Security update for rubygem-excon (moderate)
2020-01-14 00:00:00
prion
prion
Race condition
2019-12-16 20:15:00
Directory traversal
2019-11-14 21:15:00
Improper access control
2020-02-05 16:15:00
osv
osv
CVE-2019-16779
2019-12-16 20:15:15
ruby-rack-cors - security update
2020-10-01 00:00:00
ruby-excon - security update
2020-01-19 00:00:00
ubuntucve
ubuntucve
CVE-2019-18978
2019-11-14 00:00:00
CVE-2019-16779
2019-12-16 00:00:00
CVE-2019-16892
2019-09-25 00:00:00
cve
cve
CVE-2019-18978
2019-11-14 21:15:12
CVE-2019-16779
2019-12-16 20:15:15
CVE-2020-7967
2020-02-05 16:15:11
debian
debian
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
2021-05-18 14:42:40
[SECURITY] [DLA 2096-1] ruby-rack-cors security update
2020-02-06 07:31:50
[SECURITY] [DSA 4918-1] ruby-rack-cors security update
2021-05-18 14:42:40
openvas
openvas
Debian: Security Advisory (DSA-4918-1)
2021-05-19 00:00:00
Debian: Security Advisory (DLA-2389-1)
2020-10-02 00:00:00
Ubuntu: Security Advisory (USN-4571-1)
2020-10-06 00:00:00
veracode
veracode
Information Disclosure
2019-12-17 01:56:32
Directory Traversal
2019-11-15 03:08:48
Denial Of Service (DoS)
2019-09-26 01:19:39
cvelist
cvelist
CVE-2019-16779 In RubyGem excon, interrupted Persistent Connections May Leak Response Data
2019-12-16 19:35:13
CVE-2019-18978
2019-11-14 20:21:24
CVE-2019-16892
2019-09-25 00:00:00
debiancve
debiancve
CVE-2019-16779
2019-12-16 20:15:15
CVE-2019-18978
2019-11-14 21:15:12
CVE-2020-7968
2020-02-05 16:15:11
nvd
nvd
CVE-2019-18978
2019-11-14 21:15:12
CVE-2019-16779
2019-12-16 20:15:15
CVE-2019-16892
2019-09-25 22:15:10
github
github
The rack-cors rubygem may allow directory traveral
2019-11-15 20:26:59
In RubyGem excon, interrupted Persistent Connections May Leak Response Data
2019-12-16 19:30:17
Rubyzip denial of service
2019-09-30 16:05:32
ubuntu
ubuntu
rack-cors vulnerability
2020-10-05 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-16779).
2020-03-27 07:35:23
Security Bulletin: Vulnerabilities in Ruby on Rails affect IBM License Metric Tool v9.
2019-12-17 16:14:50
fedora
fedora
[SECURITY] Fedora 30 Update: rubygem-rubyzip-1.1.7-10.fc30
2019-11-22 01:22:58
[SECURITY] Fedora 29 Update: rubygem-rubyzip-1.1.7-10.fc29
2019-11-22 01:40:11
[SECURITY] Fedora 31 Update: rubygem-rubyzip-1.1.7-10.fc31
2019-11-22 00:48:13
redhatcve
redhatcve
CVE-2019-16892
2019-11-12 07:07:20
redhat
redhat
(RHSA-2019:4201) Moderate: CloudForms 5.0.1 security, bug fix and enhancement update
2019-12-12 23:37:02
freebsd
freebsd
dovecot -- multiple vulnerabilities
2020-01-14 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.008 Low

EPSS

Percentile

81.6%

JSON
Related for C5BD9068-440F-11EA-9CDB-001B217B3468
nessus11suse2prion17osv39ubuntucve17cve17debian5openvas10veracode3cvelist17debiancve17nvd17github3ubuntu1ibm2fedora3redhatcve1redhat1freebsd1