CVE-2019-5468 — Improper Privilege Management in Gitlab

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 28.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Giltlab Gitlab

Timeline

PublishedJan 28

Latest updateMay 24

Description

An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDgitlab/gitlab11.11.0 — 11.11.6+2

▶debiandebian/gitlab< gitlab 12.6.8-3 (sid)

▶gitlabgitlab/gitlab

▶CVEListV5giltlab/gitlabbefore 11.11.6, before 12.0.4, before 12.1.2+2

Patches

Patch: about.gitlab.com ↗Patch: about.gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-qj8w-vx7m-776m: An privilege escalation issue was discovered in Gitlab versions < 12↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2019-5468: An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a block↗2020-01-28

▶

Debian

CVE-2019-5468: gitlab - An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0...↗2019

▶