FreeBSD: VID-01BDE18A-2E09-11EA-A935-001B217B3468 (CVE-2019-20146): Gitlab -- Multiple Vulnerabilities

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: Jan 2, 2020
Added: Jan 4, 2020
Modified: Jan 22, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-01BDE18A-2E09-11EA-A935-001B217B3468:

SO-AND-SO reports:

Group Maintainers Can Update/Delete Group Runners Using API

GraphQL Queries Can Hang the Application

Unauthorized Users Have Access to Milestones of Releases

Private Group Name Revealed Through Protected Tags API

Users Can Publish Reviews on Locked Merge Requests

DoS in the Issue and Commit Comments Pages

Project Name Disclosed Through Unsubscribe Link

Private Project Name Disclosed Through Notification Settings

Solution

freebsd-upgrade-package-gitlab-ce