Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-11292460-3F2F-11E9-ADCB-001B217B3468 (CVE-2019-9221): Gitlab -- Multiple vulnerabilities

Back to Search

FreeBSD: VID-11292460-3F2F-11E9-ADCB-001B217B3468 (CVE-2019-9221): Gitlab -- Multiple vulnerabilities

Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
03/04/2019
Created
03/19/2019
Added
03/05/2019
Modified
06/03/2019

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-11292460-3F2F-11E9-ADCB-001B217B3468:

Gitlab reports:

Arbitrary file read via MergeRequestDiff

CSRF add Kubernetes cluster integration

Blind SSRF in prometheus integration

Merge request information disclosure

IDOR milestone name information disclosure

Burndown chart information disclosure

Private merge request titles in public project information disclosure

Private namespace disclosure in email notification when issue is moved

Milestone name disclosure

Issue board name disclosure

NPM automatic package referencer

Path traversal snippet mover

Information disclosure repo existence

Issue DoS via Mermaid

Privilege escalation impersonate user

Solution(s)

  • freebsd-upgrade-package-gitlab-ce

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;