5
CVSSv2

CVE-2016-9469

Published: 28/03/2017 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

gitlab gitlab 8.13.0

gitlab gitlab 8.13.1

gitlab gitlab 8.14.0

gitlab gitlab 8.14.1

gitlab gitlab 8.13.4

gitlab gitlab 8.13.5

gitlab gitlab 8.13.2

gitlab gitlab 8.13.3

gitlab gitlab 8.13.6

gitlab gitlab 8.13.7

gitlab gitlab 8.14.2

Vendor Advisories

Debian Bug report logs - #847157 gitlab: CVE-2016-9469 Package: src:gitlab; Maintainer for src:gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 6 Dec 2016 06:24:01 UTC Severity: grave Tags: security, upstr ...