CVE-2019-10112

high

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The construction of the HMAC key was insecurely derived.

References

https://gitlab.com/gitlab-org/gitlab-ee/issues/9730

https://about.gitlab.com/blog/categories/releases/

https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/

Details

Source: MITRE

Published: 2019-05-16

Updated: 2021-07-21

Type: CWE-320

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH