Input validation error in GitLab Community Edition - CVE-2019-5461

 


Published: September 9, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30788
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-5461
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
GitLab Community Edition

Detailed vulnerability description

The vulnerability allows a remote authenticated user to manipulate data.

An input validation flaw in the GitHub service integration could allow an attacker to make arbitrary POST requests within a GitLab instance's internal network. The vulnerability was addressed in versions 12.1.2, 12.0.4, and 11.11.6.


How to mitigate CVE-2019-5461

Install the update from the vendor's website.
