4.3

CVE-2019-12825

EPSS 0.06%
Veröffentlicht 17.02.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 04:23:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditionenterprise Version >= 12.0.1 < 12.5.0

Gitlab ≫ Gitlab Version12.0.0 Update- SwEditionenterprise

Gitlab ≫ Gitlab Version12.0.0 Updatepre SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://about.gitlab.com/blog/categories/releases/

Vendor Advisory

Release Notes

https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-12825

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12825

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12825

EUVD