CVE-2019-10640

Published May 15, 2019

Last updated 4 years ago

Overview

Description: An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-77

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BC16B2C-A133-46BA-BD16-9FDE2116E1E2",
            "versionEndExcluding": "11.7.10"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AC36F07-61F6-4611-827F-B1C915E29ECD",
            "versionEndExcluding": "11.7.10"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECECA9C3-55A4-4AAF-8555-0E1A1FBA88CF",
            "versionEndExcluding": "11.8.6",
            "versionStartIncluding": "11.8.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAADC30C-E08D-4165-B0A4-B55234E45651",
            "versionEndExcluding": "11.8.6",
            "versionStartIncluding": "11.8.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F90B9033-D2FE-4FEE-BCE0-654981548A1B",
            "versionEndExcluding": "11.9.4",
            "versionStartIncluding": "11.9.0"
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAA7C06F-4DF8-4113-BC6F-B582DFE5BD34",
            "versionEndExcluding": "11.9.4",
            "versionStartIncluding": "11.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References