PT-2020-10203 · Gitlab · Gitlab Ce/Ee+1
Nyangawa · Published 2020-01-05 · Updated 2020-01-10 · CVE-2019-19628
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GitLab EE versions 11.3 through 12.5.3
GitLab EE version 12.4.5
GitLab EE version 12.3.8
Description
The issue stems from insufficient parameter sanitization in the Maven package registry, which under certain conditions could lead to privilege escalation and remote code execution.
Recommendations
For GitLab EE versions 11.3 through 12.5.3, update to a version that includes the necessary security patches to address the insufficient parameter sanitization issue.
For GitLab EE version 12.4.5, apply the recommended security fixes to prevent privilege escalation and remote code execution.
For GitLab EE version 12.3.8, consider restricting access to the Maven package registry until a patch is available to mitigate the risk of exploitation.
Fix
RCE
Path traversal
Affected Products
Gitlab
Gitlab Ce/Ee