An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.
References
| Link | Resource |
|---|---|
| https://about.gitlab.com/blog/categories/releases/ | Release Notes |
| https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ | Vendor Advisory |
| https://gitlab.com/gitlab-org/gitaly/issues/1801 | Exploit Issue Tracking Vendor Advisory |
| https://gitlab.com/gitlab-org/gitaly/issues/1802 | Broken Link |
| https://about.gitlab.com/blog/categories/releases/ | Release Notes |
| https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ | Vendor Advisory |
| https://gitlab.com/gitlab-org/gitaly/issues/1801 | Exploit Issue Tracking Vendor Advisory |
| https://gitlab.com/gitlab-org/gitaly/issues/1802 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:27
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://about.gitlab.com/blog/categories/releases/ - Release Notes | |
| References | () https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ - Vendor Advisory | |
| References | () https://gitlab.com/gitlab-org/gitaly/issues/1801 - Exploit, Issue Tracking, Vendor Advisory | |
| References | () https://gitlab.com/gitlab-org/gitaly/issues/1802 - Broken Link |
Information
Published : 2023-04-16 00:15
Updated : 2024-11-21 04:27
NVD link : CVE-2019-14944
Mitre link : CVE-2019-14944
CVE.ORG link : CVE-2019-14944
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')