SB2019041728 - Multiple vulnerabilities in GitLab, Gitlab Community Edition

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019041728

SB2019041728 - Multiple vulnerabilities in GitLab, Gitlab Community Edition

Published: April 17, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019041728
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2019-9485)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.


2) Input validation error (CVE-ID: CVE-2019-9890)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Insecure Permissions.


Remediation

Install update from vendor's website.

References