#VU30788 Input validation error in Gitlab Community Edition - CVE-2019-5461

 

Published: September 9, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30788
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5461
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Gitlab Community Edition
Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote authenticated user to manipulate data.

An input validation flaw in the GitHub service integration could allow an attacker to make arbitrary POST requests within a GitLab instance's internal network. The vulnerability was addressed in versions 12.1.2, 12.0.4, and 11.11.6.
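
The description above concerns an integration whose outbound request could be pointed at the internal network. The Ruby example below is added here and is not GitLab's code or its fix: it shows one way to reject integration URLs whose host is, or resolves to, a loopback, private or link-local address. The function names, the blocked ranges and the injectable `resolver` are assumptions made for this example.

```ruby
require 'ipaddr'
require 'resolv'
require 'uri'

# Added illustration, not GitLab's code. Destinations an integration's outbound
# request should not reach unless an administrator explicitly allows them.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True for loopback, private, link-local and similar internal addresses.
def internal_address?(ip)
  ip = ip.native # unwrap IPv4-mapped IPv6, e.g. ::ffff:10.0.0.5 -> 10.0.0.5
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
end

# Returns [allowed, reason]. `resolver` (hypothetical hook) maps a hostname to
# address strings and is injectable so the check can run offline.
def check_outbound_url(url, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(url)
  return [false, 'scheme must be http or https'] unless uri.is_a?(URI::HTTP)
  return [false, 'missing host'] if uri.host.nil? || uri.host.empty?
  return [false, 'credentials in URL'] if uri.userinfo

  host = uri.hostname # IPv6 literals without the surrounding brackets
  addresses = begin
    [IPAddr.new(host)] # literal IP: no lookup needed
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) }
  end
  return [false, 'host does not resolve'] if addresses.empty?

  # Reject if ANY answer is internal, not just the first one returned.
  bad = addresses.find { |ip| internal_address?(ip) }
  bad ? [false, "resolves to internal address #{bad}"] : [true, 'ok']
rescue URI::InvalidURIError, IPAddr::Error
  [false, 'unparseable URL or address']
end

if __FILE__ == $PROGRAM_NAME
  # Constructed DNS answers; no real lookups are made.
  dns = { 'hooks.example.test' => ['203.0.113.10'],
          'intranet.example.test' => ['203.0.113.10', '10.0.0.5'] }
  %w(http://hooks.example.test/notify http://intranet.example.test/
     http://127.0.0.1:9200/ http://[::1]:8080/).each do |url|
    puts "#{url} -> #{check_outbound_url(url, resolver: ->(h) { dns.fetch(h, []) })}"
  end
end
```

The check only holds if the request is then sent to the address that was validated and any redirect target is checked the same way; resolving the name again at connect time lets the answer change in between.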


Remediation

Install the update from the vendor's website.
