CVE-2019-10115

{"id": "CVE-2019-10115", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-05-16T15:29:00.990", "references": [{"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://about.gitlab.com/blog/categories/releases/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/56402", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information."}, {"lang": "es", "value": "Fue encontrado un problema de permisos no seguros (problema 2 de 3) en GitLab Community and Enterprise Edition anterior de la versi\u00f3n 11.7.8, versi\u00f3n 11.8.x anterior de 11.8.4 y versi\u00f3n 11.9.x anterior de 11.9.2. La funci\u00f3n GitLab Releases podr\u00eda permitir a los usuarios invitados acceder a informaci\u00f3n privada como detalles de versiones e informaci\u00f3n de c\u00f3digo."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "6512499B-A054-44FD-B233-18FDB4352149", "versionEndExcluding": "11.7.8"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5F337BCF-E927-4F9A-B578-8D3BF4BF1BA0", "versionEndExcluding": "11.7.8"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "75395889-A145-4027-B09A-C79558A6FCBE", "versionEndExcluding": "11.8.4", "versionStartIncluding": "11.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5BEABDC6-7DCC-4C95-8CD7-8F834F2EF5FD", "versionEndExcluding": "11.8.4", "versionStartIncluding": "11.8.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "54A0F503-7F38-401F-AC54-E5E10CFC1B1D", "versionEndExcluding": "11.9.2", "versionStartIncluding": "11.9.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B6F651B7-7BAD-4247-9E27-BA0FC363C718", "versionEndExcluding": "11.9.2", "versionStartIncluding": "11.9.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}