CyberSec.Space Logo
Back to CVE Browser

CVE-2019-9174

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0480%
EPSS Percentile20.52th
PublishedApr 17, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows SSRF.

Affected Platforms (CPE)

πŸ“¦
Gitlab

Gitlab

< 11.6.10
πŸ“¦
Gitlab

Gitlab

< 11.6.10
πŸ“¦
Gitlab

Gitlab

>= 11.7.0 and < 11.7.6
πŸ“¦
Gitlab

Gitlab

>= 11.7.0 and < 11.7.6
πŸ“¦
Gitlab

Gitlab

>= 11.8.0 and < 11.8.1
πŸ“¦
Gitlab

Gitlab

>= 11.8.0 and < 11.8.1

References & Advisories

πŸ”— https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
πŸ”— https://about.gitlab.com/blog/categories/releases/
πŸ”— https://gitlab.com/gitlab-org/gitlab-ce/issues/55468
πŸ”— https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
πŸ”— https://about.gitlab.com/blog/categories/releases/
πŸ”— https://gitlab.com/gitlab-org/gitlab-ce/issues/55468

Related Vulnerabilities

CVE-2018-1884310.0

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSR...

CVE-2021-2220510.0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image f...

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2021-221929.9

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users t...