CVE-2019-19313 - Improper Handling of Exceptional Conditions vulnerability in Gitlab
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_1AA7A094114711EAB537001B217B3468.NASL |
description | Gitlab reports: Path traversal with potential remote code execution; Private objects exposed through project import; Disclosure of notes via Elasticsearch integration; Disclosure of comments via Elasticsearch integration; DNS Rebind SSRF in various chat notifications; Disclosure of vulnerability status in dependency list; Disclosure of commit count in Cycle Analytics; Exposure of related branch names; Tags pushes from blocked users; Branches and Commits exposed to Guest members via integration; IDOR when adding users to protected environments; Former project members able to access repository information; Unauthorized access to grafana metrics; Todos created for former project members; Update Mattermost dependency; Disclosure of AWS secret keys on certain Admin pages; Stored XSS in Group and User profile fields; Forked project information disclosed via Project API; Denial of Service in the issue and commit comment pages; Tokens stored in plaintext |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 131466 |
published | 2019-12-03 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/131466 |
title | FreeBSD : Gitlab -- Multiple Vulnerabilities (1aa7a094-1147-11ea-b537-001b217b3468) |
References
- https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
- https://about.gitlab.com/blog/categories/releases/
- https://gitlab.com/gitlab-org/gitlab/issues/14947