CVE-2019-11218 — HIGH (8.8)

Q: How severe is CVE-2019-11218?

CVE-2019-11218 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-11218?

Check the references section above for vendor advisories and patch information. Affected products include: Bonobogitserver Bonobo Git Server.

Vulnerability Description

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Bonobogitserver	Bonobo Git Server	< 6.5.0

Related Weaknesses (CWE)

CWE-20

References

https://bonobogitserver.com/changelog/#version-650Release NotesThird Party Advisory
https://flab.cesnet.cz/advisories/cve-2019-11218Third Party Advisory
https://bonobogitserver.com/changelog/#version-650Release NotesThird Party Advisory
https://flab.cesnet.cz/advisories/cve-2019-11218Third Party Advisory

FAQ

What is CVE-2019-11218?

CVE-2019-11218 is a vulnerability with a CVSS score of 8.8 (HIGH). Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privi...

How severe is CVE-2019-11218?

CVE-2019-11218 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-11218?

Check the references section above for vendor advisories and patch information. Affected products include: Bonobogitserver Bonobo Git Server.