PT-2020-11133 · Gitlab · Gitlab Ce/Ee+1

Published

2020-01-28

Updated

2020-08-24

CVE-2019-5462

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.0 and later

Description A privilege escalation issue was discovered when trigger tokens are not rotated once ownership of them has changed.

Recommendations For GitLab CE/EE versions 9.0 and later, rotate trigger tokens once ownership of them has changed to prevent privilege escalation.

Exploit

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

CVE-2019-5462

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2020-11133 · Gitlab · Gitlab Ce/Ee+1

CVE-2019-5462

Weakness Enumeration

Related Identifiers

Affected Products

References · 5