PT-2020-9316 · Gitlab · Gitlab Ce/Ee+1

Nyangawa

Published

2020-03-10

Updated

2021-07-21

CVE-2019-12430

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition version 11.11

Description: An issue allows an authenticated malicious user to execute commands remotely through the repository download feature, enabling Command Injection. This is possible with a specially crafted payload.

Recommendations: For GitLab Community and Enterprise Edition version 11.11, update to a version that includes a fix for this issue to prevent command injection attacks. As a temporary workaround, consider restricting access to the repository download feature to minimize the risk of exploitation.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2019-12430

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2020-9316 · Gitlab · Gitlab Ce/Ee+1

CVE-2019-12430

Weakness Enumeration

Related Identifiers

Affected Products

References · 5