PT-2019-17690 · Gitlab · Gitlab

Published: 2019-09-09 · Updated: 2021-11-03 · CVE-2019-5461

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

GitLab versions prior to 11.11.6

GitLab versions prior to 12.0.4

GitLab versions prior to 12.1.2

Description

An input validation issue was found in the GitHub service integration, allowing an attacker to make arbitrary POST requests within a GitLab instance's internal network.

Recommendations

For versions prior to 11.11.6, update to version 11.11.6 or later.

For versions prior to 12.0.4, update to version 12.0.4 or later.

For versions prior to 12.1.2, update to version 12.1.2 or later.


Weakness Enumeration

Related Identifiers

CVE-2019-5461

Affected Products

Gitlab