Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-6793 — Server-Side Request Forgery in Gitlab

CWE-918 — Server-Side Request Forgery5 documents5 sources

Severity

7.0HIGHNVD

EPSS

5.3%

top 9.97%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gitlab Debian Gitlab

Timeline

PublishedSep 9

Latest updateMay 24

Description

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:LExploitability: 2.2 | Impact: 4.7

Affected Packages3 packages

▶NVDgitlab/gitlab10.0.0 — 11.5.8+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-7jgw-fhvx-qfxf: An issue was discovered in GitLab Enterprise Edition before 11↗2022-05-24

▶

💥Exploits & PoCs

Nuclei

GitLab Enterprise Edition - Server-Side Request Forgery

▶

📋Vendor Advisories

GitLab

CVE-2019-6793: An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vu↗2019-09-09

▶

Debian

CVE-2019-6793: gitlab - An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x befor...↗2019

▶