CVE-2019-15730

Name of the Vulnerable Software and Affected Versions GitLab Community and Enterprise Edition versions 8.14 through 12.2.1

Description An issue was discovered in the Jira integration, which contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability is a result of a bypass of the current protection mechanisms against this type of attack. It would allow sending requests to any resources accessible in the local network by the GitLab server.

Recommendations For GitLab Community and Enterprise Edition versions 8.14 through 12.2.1, consider disabling the Jira integration as a temporary workaround until a patch is available. Restrict access to the Jira integration module to minimize the risk of exploitation.