CVE-2019-7549

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/54358
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/	Vendor Advisory
https://gitlab.com/gitlab-org/gitlab-ce/issues/54358

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

21 Nov 2024, 04:48

Type	Values Removed	Values Added
References	~~() https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/ - Vendor Advisory~~	() https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/ - Vendor Advisory
References	~~() https://gitlab.com/gitlab-org/gitlab-ce/issues/54358 -~~	() https://gitlab.com/gitlab-org/gitlab-ce/issues/54358 -

Information

Published : 2019-05-29 16:29

Updated : 2024-11-21 04:48

NVD link : CVE-2019-7549

Mitre link : CVE-2019-7549

CVE.ORG link : CVE-2019-7549

JSON object : View

Products Affected

gitlab

gitlab

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-7549", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-05-29T16:29:01.107", "references": [{"url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54358", "source": "cve@mitre.org"}, {"url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54358", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.5.10, 11.6.x before 11.6.8, and 11.7.x before 11.7.3. It has Incorrect Access Control. The GitLab pipelines feature is vulnerable to authorization issues that allow unauthorized users to view job information."}, {"lang": "es", "value": "Se detecto un problema en GitLab Community and Enterprise Edition versiones 10.x y 11.x en versiones anteriores a la 11.5.10, versi\u00f3n 11.6.x en versiones anteriores a la 11.6.8, y versi\u00f3n 11.7.x en versiones anteriores a la 11.7.3. Presenta un control de acceso incorrecto. La funci\u00f3n pipelines de GitLab es vulnerable a problemas de autorizaci\u00f3n que permiten a usuarios no autorizados ver informaci\u00f3n sobre el trabajo."}], "lastModified": "2024-11-21T04:48:18.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "6D822ABE-9658-4E0B-9DF8-9660380A6636", "versionEndExcluding": "11.5.10", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E73AC3DE-3F90-4485-AFA2-67488B81477F", "versionEndExcluding": "11.5.10", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "0EEB5737-D927-4402-BC6F-632B5A50E399", "versionEndExcluding": "11.6.8", "versionStartIncluding": "11.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FB9B65A4-C7B6-4256-B981-8F7507F7A51B", "versionEndExcluding": "11.6.8", "versionStartIncluding": "11.6.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "D59D368F-5161-44BA-9FA5-C813331F4A8E", "versionEndExcluding": "11.7.3", "versionStartIncluding": "11.7.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E02EB0FA-634F-4D73-A07B-79EEF3390D46", "versionEndExcluding": "11.7.3", "versionStartIncluding": "11.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}