CVE-2019-6781Open Redirect in Gitlab

CWE-601Open Redirect5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 70.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedMay 17
Latest updateMay 24

Description

An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgitlab/gitlab11.5.011.5.10+2
debiandebian/gitlab< gitlab 11.5.10+dfsg-1 (sid)
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-qjj8-rghq-cx4f: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 112022-05-24
OSV
CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 112019-05-17

📋Vendor Advisories

2
GitLab
CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 112019-05-17
Debian
CVE-2019-6781: gitlab - An Improper Input Validation issue was discovered in GitLab Community and Enterp...2019