CVE-2019-13009Uncontrolled Resource Consumption in Gitlab

CWE-400Uncontrolled Resource ConsumptionCWE-732Incorrect Permission Assignment4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 67.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian GitlabGitlab
Timeline
PublishedMar 10
Latest updateMay 24

Description

An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/gitlab< gitlab 12.6.8-3 (sid)
NVDgitlab/gitlab9.2.012.0.2
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-5xvc-mqqw-gm7p: An issue was discovered in GitLab Community and Enterprise Edition 92022-05-24

📋Vendor Advisories

2
GitLab
CVE-2019-13009: An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were a2020-03-10
Debian
CVE-2019-13009: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 1...2019