PT-2019-14352 · Gitlab+1 · Gitlab Ce/Ee+2
Felipe Cardozo
·
Published
2019-09-16
·
Updated
2019-09-18
·
CVE-2019-15730
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab Community and Enterprise Edition versions 8.14 through 12.2.1
Description
An issue was discovered in the Jira integration, which contains a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability is a result of a bypass of the current protection mechanisms against this type of attack. It would allow sending requests to any resources accessible in the local network by the GitLab server.
Recommendations
For GitLab Community and Enterprise Edition versions 8.14 through 12.2.1, consider disabling the Jira integration as a temporary workaround until a patch is available. Restrict access to the Jira integration module to minimize the risk of exploitation.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee
Jira