Vulnerability Details CVE-2019-11218
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2019-11218
- cpe:2.3:a:bonobogitserver:bonobo_git_server:1.1.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:1.2.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:1.3.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:2.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:2.0.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:2.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.0.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.1.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.2.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.3.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.4.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.4.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.4.2
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.4.3
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.5.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:3.6.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:4.0.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:5.0.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:5.0.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:5.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:5.1.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:5.2
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.0.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.1.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.2.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.2.1
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.2.2
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.3.0
- cpe:2.3:a:bonobogitserver:bonobo_git_server:6.4.0