PT-2019-14291 · Gitlab · Gitlab Ce/Ee+1

Vakzz

Published

2019-12-18

Updated

2020-10-09

CVE-2019-15575

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions prior to 12.3.2 GitLab CE/EE versions prior to 12.2.6 GitLab CE/EE versions prior to 12.1.12

Description A command injection issue exists that allows an attacker to inject commands via the API through the blobs scope.

Recommendations For versions prior to 12.3.2, update to version 12.3.2 or later. For versions prior to 12.2.6, update to version 12.2.6 or later. For versions prior to 12.1.12, update to version 12.1.12 or later.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2019-15575

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2019-14291 · Gitlab · Gitlab Ce/Ee+1

CVE-2019-15575

Weakness Enumeration

Related Identifiers

Affected Products

References · 4