cve-2018-16049
Vulnerability from cvelistv5
Published
2018-10-03 16:00
Modified
2024-08-05 10:10
Severity
Summary
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/ | Vendor Advisory |
| cve@mitre.org | https://gitlab.com/gitlab-org/gitlab-ce/issues/46967 | Exploit, Vendor Advisory |
| cve@mitre.org | https://gitlab.com/gitlab-org/gitlab-ce/issues/49272 | Exploit, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:10:05.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/46967"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/46967"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/46967",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/46967"
},
{
"name": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49272",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16049",
"datePublished": "2018-10-03T16:00:00",
"dateReserved": "2018-08-28T00:00:00",
"dateUpdated": "2024-08-05T10:10:05.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-16049\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-10-03T16:29:00.463\",\"lastModified\":\"2018-12-04T19:43:27.327\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto un problema en las ediciones Community y Enterprise de GitLab, en versiones anteriores a la 11.0.6, versiones 11.1.x anteriores a la 11.1.5 y versiones 11.2.x anteriores a la 11.2.2. Hay una divulgaci\u00f3n de datos sensibles en los logs Sidekiq mediante un mensaje de error.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"8.10.0\",\"versionEndExcluding\":\"11.0.6\",\"matchCriteriaId\":\"5504E335-CB71-4CDB-B8EA-9C987F67C330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.10.0\",\"versionEndExcluding\":\"11.0.6\",\"matchCriteriaId\":\"BE7373AC-4676-4157-AB70-E5D74D579E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndExcluding\":\"11.1.5\",\"matchCriteriaId\":\"65F31A05-8761-4EBC-8EC2-E3C5246D3D36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.1.0\",\"versionEndExcluding\":\"11.1.5\",\"matchCriteriaId\":\"E56022FE-6145-452C-AAB5-F7DC59BFDF7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"11.2.0\",\"versionEndExcluding\":\"11.2.2\",\"matchCriteriaId\":\"FA04BE89-2E28-4175-BE89-FA15B4E8EE99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.2.0\",\"versionEndExcluding\":\"11.2.2\",\"matchCriteriaId\":\"42E3481C-50E6-4C84-A464-AC37309A1FED\"}]}]}],\"references\":[{\"url\":\"https://about.gitlab.com/2018/08/28/security-release-gitlab-11-dot-2-dot-2-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab-ce/issues/46967\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab-ce/issues/49272\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
}
}
Loading...