GitLab Ä£°æAPIĿ¼±éÀú·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-12-11

·ì϶±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2018-19856 £¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



GitLab CE / EE 8.11 ¼°Ö®ºóµÄ°æ±¾



·ì϶¸ÅÊö



GitLab ÊÇÒ»¸öÓÃÓÚ²Ö¿âÖÎÀíϵͳµÄ¿ªÔ´ÏîÄ¿ £¬Ê¹Óà Git ×÷Ϊ´úÂëÖÎÀí¹¤¾ß £¬²¢ÔÚ´Ë»ù´¡ÉϴÆðÀ´µÄ web ·þÎñ¡£

GitLab Ä£°æ API ´æÔÚĿ¼±éÀú·ì϶ £¬¹¥»÷ÕßÄܹ»Í¨¹ý¸Ã·ì϶½Ó¼û GitLab ·þÎñÆ÷ÉϵÄËÁÒâÎļþ £¬´æÔÚÃô¸ÐÐÅϢй¶µÄ·çÏÕ¡£



·ì϶ÑéÖ¤



ÔÝÎÞPOC/EXP¡£



½¨¸´½¨Òé



¸üÐÂGitLab CE / EE ÖÁ11.5.3¡¢11.4.10 »ò11.3.12 ÖеÄËÁÒâÒ»¸ö°æ±¾

FreeBSDÌṩÁ˸üÐÂ

http://www.vuxml.org/freebsd/9d3428d4-f98c-11e8-a148-001b217b3468.html



²Î¿¼Á´½Ó



https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/