CVE-2019-6781
published 2019-05-17
Priority: P3 | 37 | high | 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.19% (64.0th percentile)
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 11.5.10+dfsg-1 (sid) | gitlab 11.5.10+dfsg-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.5.0 < 11.5.10 | 11.5.10 |
| gitlab | gitlab | >= 11.6.0 < 11.6.8 | 11.6.8 |
| gitlab | gitlab | >= 11.7.0 < 11.7.3 | 11.7.3 |
CVSS provenance
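| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |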
GitLab
CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11
vendor_gitlab·2019-05-17·CVSS 7.5
CVE-2019-6781 [HIGH] CWE-601 CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11
CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
Debian
CVE-2019-6781: gitlab - An Improper Input Validation issue was discovered in GitLab Community and Enterp...
vendor_debian·2019·CVSS 7.5
CVE-2019-6781 [HIGH] CVE-2019-6781: gitlab - An Improper Input Validation issue was discovered in GitLab Community and Enterp...
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
Scope: local
sid: resolved (fixed in 11.5.10+dfsg-1)
GHSA
GHSA-qjj8-rghq-cx4f: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11
ghsa_unreviewed·2022-05-24
CVE-2019-6781 [HIGH] CWE-601 GHSA-qjj8-rghq-cx4f: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
OSV
CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11
osv·2019-05-17·CVSS 7.5
CVE-2019-6781 [HIGH] CVE-2019-6781: An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-05-17