cve-2019-10111
Vulnerability from cvelistv5
Published
2019-05-15 19:28
Modified
2024-08-04 22:10
Severity
Summary
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request "resolve conflicts" page.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ | Release Notes, Vendor Advisory |
| cve@mitre.org | https://about.gitlab.com/blog/categories/releases/ | Release Notes, Vendor Advisory |
| cve@mitre.org | https://gitlab.com/gitlab-org/gitlab-ce/issues/56927 | Exploit, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.774Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/categories/releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/56927"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request \"resolve conflicts\" page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T19:28:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/categories/releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/56927"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request \"resolve conflicts\" page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"url": "https://about.gitlab.com/blog/categories/releases/"
},
{
"name": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/56927",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/56927"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10111",
"datePublished": "2019-05-15T19:28:49",
"dateReserved": "2019-03-26T00:00:00",
"dateUpdated": "2024-08-04T22:10:09.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10111\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-15T20:29:00.650\",\"lastModified\":\"2019-05-16T01:40:52.910\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request \\\"resolve conflicts\\\" page.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problermaff en GitLab Community and Enterprise Edition anterior a la versi\u00f3n 11.7.8, versi\u00f3n 11.8.x anterior a la 11.8.4 y versi\u00f3n 11.9.x anterior a la 11.9.2. Permite XSS continuo en la p\u00e1gina de solicitud de fusi\u00f3n \\\"resolve conflicts\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.5},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"11.7.8\",\"matchCriteriaId\":\"6512499B-A054-44FD-B233-18FDB4352149\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"11.7.8\",\"matchCriteriaId\":\"5F337BCF-E927-4F9A-B578-8D3BF4BF1BA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"11.8.0\",\"versionEndExcluding\":\"11.8.4\",\"matchCriteriaId\":\"75395889-A145-4027-B09A-C79558A6FCBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.8.0\",\"versionEndExcluding\":\"11.8.4\",\"matchCriteriaId\":\"5BEABDC6-7DCC-4C95-8CD7-8F834F2EF5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"11.9.0\",\"versionEndExcluding\":\"11.9.2\",\"matchCriteriaId\":\"54A0F503-7F38-401F-AC54-E5E10CFC1B1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.9.0\",\"versionEndExcluding\":\"11.9.2\",\"matchCriteriaId\":\"B6F651B7-7BAD-4247-9E27-BA0FC363C718\"}]}]}],\"references\":[{\"url\":\"https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://about.gitlab.com/blog/categories/releases/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab-ce/issues/56927\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
}
}
Loading...