{ "id": "CVE-2019-7176", "sourceIdentifier": "cve@mitre.org", "published": "2019-09-09T21:15:12.310", "lastModified": "2020-08-24T17:37:01.140", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en GitLab Community and Enterprise Edition versiones 8.x (a partir de 8.9), 9.x, 10.xy versiones 11.x anteriores a 11.5.9, versiones 11.6.x anteriores a 11.6.7 y versiones 11.7.x anteriores a 11.7 .2. Presenta un Control de Acceso Incorrecto. Los usuarios invitados son capaces de agregar emojis de reacci\u00f3n sobre los comentarios a los que no tienen visibilidad." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW" }, "exploitabilityScore": 2.2, "impactScore": 1.4 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "8.9.0", "versionEndIncluding": "8.17.8", "matchCriteriaId": "B536E005-10A9-4565-9869-7224AAF6648E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "8.9.0", "versionEndIncluding": "8.17.8", "matchCriteriaId": "F6C96F7D-F00D-46CC-BB02-4D4ABB18EFDE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.5.10", "matchCriteriaId": "9B7A2187-0C1C-4B6C-8F1F-5317331A3C0B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.5.10", "matchCriteriaId": "6B3402C2-32D0-4B4E-B889-07863D0BAF3B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "10.0.0", "versionEndIncluding": "10.8.6", "matchCriteriaId": "CE674BC6-C506-4C78-BFF9-9712287335A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "10.0.0", "versionEndIncluding": "10.8.6", "matchCriteriaId": "D40668CD-9579-41E6-A7DD-0781C7A6821D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "11.0.0", "versionEndExcluding": "11.5.9", "matchCriteriaId": "1D057D26-5077-4099-A59E-55DA0511D96B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "11.0.0", "versionEndExcluding": "11.5.9", "matchCriteriaId": "5639D450-3B78-4734-88DF-E2B092BD9FF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "11.6.0", "versionEndExcluding": "11.6.7", "matchCriteriaId": "F874EDD7-9C84-4679-B331-92BC00479C8C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "11.6.0", "versionEndExcluding": "11.6.7", "matchCriteriaId": "BED534AF-E1D1-4EBE-8B76-347F917CCD7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding": "11.7.0", "versionEndExcluding": "11.7.2", "matchCriteriaId": "F59BB2A7-BEF2-469C-B2E1-186F3238B588" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding": "11.7.0", "versionEndExcluding": "11.7.2", "matchCriteriaId": "407E2D05-7924-4F3B-A91B-DCEDB1E674C3" } ] } ] } ], "references": [ { "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51332", "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ] } ] }