
Published on April 26th, 2019 | 5463 Views


GitLab Community Edition/Enterprise Edition up to 11.3.9/11.4.5/11.5.0-rc11 Access Control privilege escalation

CVSS Meta Temp Score: 6.0
Current Exploit Price (≈): $0-$5k

A vulnerability classified as critical has been found in GitLab Community Edition and Enterprise Edition up to 11.3.9/11.4.5/11.5.0-rc11. It affects some functionality of the Access Control component. Manipulation with an unknown input leads to privilege escalation. The problem is classified as CWE-269. Confidentiality, integrity, and availability are impacted.

The weakness was disclosed on 04/25/2019. The vulnerability has been tracked as CVE-2018-19359 since 11/18/2018. The attack may be launched remotely. Technical details are unknown and no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 119058 (FreeBSD : Gitlab — Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)), which helps to determine whether the flaw exists in a target environment. The plugin is assigned to the family FreeBSD Local Security Checks and runs in the local context.

Upgrading to version 11.3.10, 11.4.6 or 11.5.0-rc12 eliminates this vulnerability. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.

Entry 134099 is pretty similar.



VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0

VulDB Base Score: 6.3
VulDB Temp Score: 6.0
Class: Privilege escalation (CWE-269)
Local: No
Remote: Yes

Status: Not defined

Nessus ID: 119058
Nessus Name: FreeBSD : Gitlab — Multiple vulnerabilities (d889d32c-ecd9-11e8-9416-001b217b3468)

Recommended: Upgrade

Upgrade: Community Edition/Enterprise Edition 11.3.10/11.4.6/11.5.0-rc12

11/18/2018 CVE assigned
11/20/2018 +2 days Countermeasure disclosed
11/21/2018 +1 days Nessus plugin released
04/25/2019 +155 days Advisory disclosed
04/26/2019 +1 days VulDB entry created
04/26/2019 +0 days VulDB last update

CVE: CVE-2018-19359
Created: 04/26/2019 08:19 AM

