Lucene search

MitreCVE-2019-14944

HistoryApr 16, 2023 - 12:15 a.m.

CVE-2019-14944

2023-04-1600:15:07

CWE-77

mitre

web.nvd.nist.gov

cve-2019-14944

gitlab

gitaly

injection

command-line flags

privilege escalation

remote code execution

security vulnerability

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

Affected configurations

Nvd

Node

gitlabgitlabRange<11.11.8community

gitlabgitlabRange<11.11.8enterprise

gitlabgitlabRange12.0.0–12.0.6community

gitlabgitlabRange12.0.0–12.0.6enterprise

gitlabgitlabRange12.1.0–12.1.6community

gitlabgitlabRange12.1.0–12.1.6enterprise

VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::community:::*
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

about.gitlab.com/blog/categories/releases/

about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

gitlab.com/gitlab-org/gitaly/issues/1801

gitlab.com/gitlab-org/gitaly/issues/1802

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Related for CVE-2019-14944