» 2019 » 9월

CVE-2019-11546

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-11546

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has a Race Condition which could allow users to approve a merge request multiple times and potentially reach the approval count required to merge.

Source: CVE-2019-11546

CVE-2019-11547

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-11547

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn’t escaped, which could potentially lead to XSS issues.

Source: CVE-2019-11547

CVE-2019-11548

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-11548

An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9. It has Incorrect Access Control. Unprivileged members of a project are able to post comments on confidential issues through an authorization issue in the note endpoint.

Source: CVE-2019-11548

CVE-2019-5471

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-5471

An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS. This was addressed in GitLab 12.1.2, 12.0.4, and 11.11.6.

Source: CVE-2019-5471

CVE-2019-5467

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-5467

An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Source: CVE-2019-5467

CVE-2019-5463

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-5463

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Source: CVE-2019-5463

CVE-2019-5473

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-5473

An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.

Source: CVE-2019-5473

CVE-2019-5461

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-5461

An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance’s internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Source: CVE-2019-5461

CVE-2019-5483

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-5483

Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users.

Source: CVE-2019-5483

CVE-2019-12405

Posted on 2019년 9월 10일2019년 9월 10일 by admin

CVE-2019-12405

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user’s correct password.

Source: CVE-2019-12405