Main Vulnerability Database Vulnerabilities #VU30769

#VU30769 Input validation error in Gitlab Community Edition - CVE-2019-6785

Published: September 9, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30769

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-6785

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service.

Remediation

Install update from vendor's website.

External links

https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/52212

#VU30769 Input validation error in Gitlab Community Edition - CVE-2019-6785

Description

Remediation

External links

Please verify you're human