FreeBSD: VID-11292460-3F2F-11E9-ADCB-001B217B3468 (CVE-2019-9221): Gitlab -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Mar 4, 2019 | Mar 5, 2019 | Jun 3, 2019 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-11292460-3F2F-11E9-ADCB-001B217B3468:
Gitlab reports:
- Arbitrary file read via MergeRequestDiff
- CSRF add Kubernetes cluster integration
- Blind SSRF in prometheus integration
- Merge request information disclosure
- IDOR milestone name information disclosure
- Burndown chart information disclosure
- Private merge request titles in public project information disclosure
- Private namespace disclosure in email notification when issue is moved
- Milestone name disclosure
- Issue board name disclosure
- NPM automatic package referencer
- Path traversal snippet mover
- Information disclosure repo existence
- Issue DoS via Mermaid
- Privilege escalation impersonate user
Solution
References