CVE-2019-5461
published 2019-09-09CVE-2019-5461: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a…
PriorityP419low3.5CVSS 3.1
AVAACLPRLUINSUCNILAN
EPSS
0.99%
58.2th percentile
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.11.0 < 11.11.7 | 11.11.7 |
| gitlab | gitlab | >= 12.0.0 < 12.0.4 | 12.0.4 |
| gitlab | gitlab | >= 12.1.0 < 12.1.2 | 12.1.2 |
CVSS provenance
nvdv3.13.5LOWCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
vendor_debian3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GitLab
CVE-2019-5461: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST reque
vendor_gitlab·2019-09-09·CVSS 3.5
CVE-2019-5461 [LOW] CWE-20 CVE-2019-5461: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST reque
CVE-2019-5461: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
Debian
CVE-2019-5461: gitlab - An input validation problem was discovered in the GitHub service integration whi...
vendor_debian·2019·CVSS 3.5
CVE-2019-5461 [LOW] CVE-2019-5461: gitlab - An input validation problem was discovered in the GitHub service integration whi...
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
GHSA-w75c-wmw7-rfpv: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST reque
ghsa_unreviewed·2022-05-24
CVE-2019-5461 [MEDIUM] CWE-20 GHSA-w75c-wmw7-rfpv: An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST reque
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-09-09
Published