nvd-json-data-feeds/CVE-2019/CVE-2019-69xx/CVE-2019-6996.json

{
  "id": "CVE-2019-6996",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-09-09T20:15:12.697",
  "lastModified": "2020-08-24T17:37:01.140",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en GitLab Enterprise Edition versiones 10.x (a partir de la 10.6) y versiones 11.x anteriores a 11.5.8, versiones 11.6.x anteriores a 11.6.6 y versiones 11.7.x anteriores a 11.7.1. Presenta un Control de Acceso Incorrecto. La secci\u00f3n de aprobadores de peticiones de fusi\u00f3n presenta un problema de control de acceso que permite a los mantenedores del proyecto visualizar el numero de miembros de grupos privados."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "10.6.0",
              "versionEndIncluding": "10.8.7",
              "matchCriteriaId": "94907C86-15C5-4560-A1AF-01935D029F8A"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "10.6.0",
              "versionEndIncluding": "10.8.7",
              "matchCriteriaId": "0DF1771E-338F-4653-B333-B79201BBAD04"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "11.0.0",
              "versionEndExcluding": "11.5.8",
              "matchCriteriaId": "FAC5BA5A-3493-4495-AD33-97CD61A04C59"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "11.0.0",
              "versionEndExcluding": "11.5.8",
              "matchCriteriaId": "B4FF27FC-A5B8-43DE-865C-60F7F2AE7F64"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "11.6.0",
              "versionEndExcluding": "11.6.6",
              "matchCriteriaId": "794CA42E-5409-455B-956C-21BC431E0B98"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "11.6.0",
              "versionEndExcluding": "11.6.6",
              "matchCriteriaId": "35A01A1A-A0F1-4952-B15A-A898FD185B3F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
              "versionStartIncluding": "11.7.0",
              "versionEndExcluding": "11.7.1",
              "matchCriteriaId": "3BAE4B6C-8F1F-4C42-ADF9-A9CBD3895C68"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
              "versionStartIncluding": "11.7.0",
              "versionEndExcluding": "11.7.1",
              "matchCriteriaId": "3A67FE77-4048-41B8-8734-CA62393ED632"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/",
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/8187",
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ]
    }
  ]
}