CVE-2019-6960 — Gitlab vulnerability
5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.7%
top 27.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 9
Latest updateMay 24
Description
An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
1GHSA▶
GHSA-f3mf-g3hh-m9vw: An issue was discovered in GitLab Community and Enterprise Edition 9↗2022-05-24
📋Vendor Advisories
2GitLab▶
CVE-2019-6960: An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.↗2019-09-09
Debian▶
CVE-2019-6960: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, an...↗2019
💬Community
1Bugzilla▶
CVE-2019-10158 infinispan: Session fixation protection broken for Spring Session integration↗2019-05-27