Input Validation Flaw in GitLab Products by GitLab Inc.
CVE-2019-5461

3.5LOW

Key Information:

Vendor: Gitlab
Status: Gitlab Community Edition
Vendor: CVE Published:; 9 September 2019

What is CVE-2019-5461?

An input validation weakness was identified in the GitHub service integration within GitLab, which may enable an attacker to execute arbitrary POST requests in the internal network of a GitLab instance. This vulnerability has been rectified in the versions 12.1.2, 12.0.4, and 11.11.6, highlighting the importance of regular software updates and network security measures to mitigate associated risks.

Affected Version(s)

GitLab Community Edition Fix Versions: 12.1.2, 12.0.4, and 11.11.6

References

https://hackerone.com/reports/446593

x_refsource_MISC

https://gitlab.com//gitlab-org/gitlab-ce/issues/54649

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2019
Vulnerability Reserved
Jan 4, 2019

Gitlab

What is CVE-2019-5461?

Affected Version(s)

References

CVSS V3.1

Timeline