An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
References
Link | Resource |
---|---|
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ | Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab-ce/issues/61314 | Broken Link |
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ | Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab-ce/issues/61314 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ - Release Notes, Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab-ce/issues/61314 - Broken Link |
Information
Published : 2019-09-16 17:15
Updated : 2024-11-21 04:29
NVD link : CVE-2019-15728
Mitre link : CVE-2019-15728
CVE.ORG link : CVE-2019-15728
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-918
Server-Side Request Forgery (SSRF)