vulnerability
FreeBSD: VID-B68CC195-CAE7-11E9-86E9-001B217B3468 (CVE-2019-15740): Gitlab -- Multiple Vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Aug 29, 2019 | Aug 31, 2019 | Sep 20, 2019 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-B68CC195-CAE7-11E9-86E9-001B217B3468:
Gitlab reports:
Kubernetes Integration Server-Side Request Forgery
Server-Side Request Forgery in Jira Integration
Improved Protection Against Credential Stuffing Attacks
Markdown Clientside Resource Exhaustion
Pipeline Status Disclosure
Group Runner Authorization Issue
CI Metrics Disclosure
User IP Disclosed by Embedded Image and Media
Label Description HTML Injection
IDOR in Epic Notes API
Push Rule Bypass
Project Visibility Restriction Bypass
Merge Request Discussion Restriction Bypass
Disclosure of Merge Request IDs
Weak Authentication In Certain Account Actions
Disclosure of Commit Title and Comments
Stored XSS via Markdown
EXIF Geolocation Data Exposure
Multiple SSRF Regressions on Gitaly
Default Branch Name Exposure
Potential Denial of Service via CI Pipelines
Privilege Escalation via Logrotate
Solution
References

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.