GitLab Templates API Directory Traversal Vulnerability Security Advisory

Published: 2018-12-11

Vulnerability ID and severity



CVE ID: CVE-2018-19856; Severity: Critical; CVSS score: not officially rated



Affected versions



GitLab CE / EE 8.11 and later versions



Vulnerability overview



GitLab is an open-source project for repository management: a web service built on top of Git, which it uses as its code-management tool.

The GitLab templates API has a directory traversal vulnerability. An attacker can use it to access arbitrary files on the GitLab server, which creates a risk of sensitive information disclosure.



Vulnerability verification



No PoC/EXP is available yet.



Remediation



Update GitLab CE / EE to any one of 11.5.3, 11.4.10 or 11.3.12.

FreeBSD has provided an update:

http://www.vuxml.org/freebsd/9d3428d4-f98c-11e8-a148-001b217b3468.html
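
A version check built from the affected and fixed versions listed above, as an added example that is not part of the original advisory or of GitLab's own tooling. The inventory hostnames and versions are constructed, and treating release lines newer than 11.5 as fixed is an assumption.

```python
import re

# Values taken from the advisory above.
FIRST_AFFECTED = (8, 11, 0)
FIXED_BY_LINE = {(11, 5): 3, (11, 4): 10, (11, 3): 12}
NEWEST_FIXED_LINE = max(FIXED_BY_LINE)


def parse_version(text):
    """Parse strings such as '11.4.9', 'v11.5.3-ee' or '8.11' into a 3-tuple."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def assess(version_text):
    """Return (status, advice) for one GitLab CE/EE version string."""
    version = parse_version(version_text)
    line = version[:2]
    if version < FIRST_AFFECTED:
        return "not-affected", "older than 8.11"
    if line in FIXED_BY_LINE:
        fixed_patch = FIXED_BY_LINE[line]
        if version[2] >= fixed_patch:
            return "fixed", "at or above the patched release for this line"
        return "affected", f"update to {line[0]}.{line[1]}.{fixed_patch}"
    if line > NEWEST_FIXED_LINE:
        # Assumption: release lines after 11.5 already contain the fix.
        return "fixed", "newer than the patched release lines (assumed fixed)"
    # 8.11 up to 11.2.x: the advisory lists no patched release on these lines.
    return "affected", "update to 11.3.12, 11.4.10 or 11.5.3"


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    inventory = {"git-a.example": "11.5.2-ee", "git-b.example": "11.4.10",
                 "git-c.example": "10.8.7", "git-d.example": "8.10.13"}
    for host, ver in sorted(inventory.items()):
        status, advice = assess(ver)
        print(f"{host:15} {ver:10} {status:13} {advice}")
```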



References



https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/