CVE-2019-9174Server-Side Request Forgery in Gitlab

CWE-918Server-Side Request Forgery4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.3%
top 47.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedApr 17
Latest updateMay 14

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages3 packages

NVDgitlab/gitlab11.7.011.7.6+2
debiandebian/gitlab< gitlab 11.8.2-2 (sid)
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-4j42-wq8q-c389: An issue was discovered in GitLab Community and Enterprise Edition before 112022-05-14

📋Vendor Advisories

2
GitLab
CVE-2019-9174: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.2019-04-17
Debian
CVE-2019-9174: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.6.1...2019