Main Vulnerability Database Vulnerabilities #VU31105

Resource management error in Gitlab Community Edition - CVE-2019-9220

Published: April 17, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31105

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-9220

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Uncontrolled Resource Consumption.

How to mitigate CVE-2019-9220

Install update from vendor's website.

Sources

https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
https://about.gitlab.com/blog/categories/releases/
https://gitlab.com/gitlab-org/gitlab-ce/issues/55653

Resource management error in Gitlab Community Edition - CVE-2019-9220

Detailed vulnerability description

How to mitigate CVE-2019-9220

Sources

Please verify you're human