CVE-2019-11218

HIGH

Bonobo Git Server < 6.5.0 - Authenticated Privilege Escalation via User Profile Parameter Injection

Description

Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.

References (2)

Core References
Release Notes, Third Party Advisory (x_refsource_confirm): https://bonobogitserver.com/changelog/#version-650
Third Party Advisory (x_refsource_misc): https://flab.cesnet.cz/advisories/cve-2019-11218

Scores

CVSS v3: 8.8
EPSS: 0.0118
EPSS Percentile: 63.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-20
Status: published
Products (1): bonobogitserver/bonobo_git_server < 6.5.0
Published: Apr 24, 2019
Tracked Since: Feb 18, 2026