CVE-2019-9176Cross-Site Request Forgery in Gitlab

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 75.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedApr 17
Latest updateMay 14

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDgitlab/gitlab11.7.011.7.6+2
debiandebian/gitlab< gitlab 11.8.2-2 (sid)
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-4w7w-4ppq-m6f2: An issue was discovered in GitLab Community and Enterprise Edition before 112022-05-14

📋Vendor Advisories

2
GitLab
CVE-2019-9176: An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows CSRF.2019-04-17
Debian
CVE-2019-9176: gitlab - An issue was discovered in GitLab Community and Enterprise Edition before 11.6.1...2019