Published on May 17th, 2019

GitLab Community Edition/Enterprise Edition up to 11.7.7/11.8.3/11.9.1 HMAC Key unknown vulnerability


CVSS Meta Temp Score: 5.3
Current Exploit Price (≈): $0-$5k

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 11.7.7/11.8.3/11.9.1 and classified as problematic. This issue affects a part of the component HMAC Key Handler. The impact remains unknown. The summary by CVE is:

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

The weakness was shared on 05/16/2019. The vulnerability has been identified as CVE-2019-10112 since 03/26/2019. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimate calculated on 05/17/2019).

Upgrading to version 11.7.8, 11.8.4 or 11.9.2 eliminates this vulnerability.

The issues 135150, 135151, 135152 and 135153 are related to this entry.

Class: Unknown
Local: Yes
Remote: No

Status: Not defined

Recommended: Upgrade

Upgrade: Community Edition/Enterprise Edition 11.7.8/11.8.4/11.9.2

03/26/2019 CVE assigned
05/16/2019 +51 days Advisory disclosed
05/17/2019 +1 days VulDB entry created
05/17/2019 +0 days VulDB last update

Status: Confirmed

CVE: CVE-2019-10112

Created: 05/17/2019 07:24 AM

https://vuldb.com/?id.135149
