cve-2019-10640
Vulnerability from cvelistv5
Published
2019-05-15 18:58
Modified
2024-08-04 22:31
Severity
Summary
An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/ | Release Notes, Vendor Advisory |
| cve@mitre.org | https://about.gitlab.com/blog/categories/releases/ | Release Notes, Vendor Advisory |
| cve@mitre.org | https://gitlab.com/gitlab-org/gitlab-ce/issues/49665 | Exploit, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:31:59.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/blog/categories/releases/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49665"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T18:58:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/blog/categories/releases/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49665"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://about.gitlab.com/blog/categories/releases/",
"refsource": "MISC",
"url": "https://about.gitlab.com/blog/categories/releases/"
},
{
"name": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
},
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49665",
"refsource": "MISC",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49665"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10640",
"datePublished": "2019-05-15T18:58:17",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:31:59.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10640\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-15T19:29:00.257\",\"lastModified\":\"2020-08-24T17:37:01.140\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un problema en GitLab Community and Enterprise Edition anterior11.7.10, 11.8.x anterior 11.8.6, and 11.9.x anterior 11.9.4.Un problema de validaci\u00f3n de entrada de expresiones regulares para el valor de refs .gitlab-ci.yml permite el consumo de recursos no controlados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"11.7.10\",\"matchCriteriaId\":\"3BC16B2C-A133-46BA-BD16-9FDE2116E1E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionEndExcluding\":\"11.7.10\",\"matchCriteriaId\":\"5AC36F07-61F6-4611-827F-B1C915E29ECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"11.8.0\",\"versionEndExcluding\":\"11.8.6\",\"matchCriteriaId\":\"ECECA9C3-55A4-4AAF-8555-0E1A1FBA88CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.8.0\",\"versionEndExcluding\":\"11.8.6\",\"matchCriteriaId\":\"CAADC30C-E08D-4165-B0A4-B55234E45651\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"11.9.0\",\"versionEndExcluding\":\"11.9.4\",\"matchCriteriaId\":\"F90B9033-D2FE-4FEE-BCE0-654981548A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"11.9.0\",\"versionEndExcluding\":\"11.9.4\",\"matchCriteriaId\":\"FAA7C06F-4DF8-4113-BC6F-B582DFE5BD34\"}]}]}],\"references\":[{\"url\":\"https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://about.gitlab.com/blog/categories/releases/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.com/gitlab-org/gitlab-ce/issues/49665\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
}
}
Loading...