Lucene search

MitreCVE-2019-6793

HistorySep 09, 2019 - 8:15 p.m.

CVE-2019-6793

2019-09-0920:15:12

CWE-918

mitre

web.nvd.nist.gov

104

gitlab

cve-2019-6793

jira integration

blind ssrf

vulnerability

security issue

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

AI Score

6.7

Confidence

High

EPSS

0.042

Percentile

92.4%

JSON

An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.

Affected configurations

Nvd

Node

gitlabgitlabRange10.0.0–11.5.8enterprise

gitlabgitlabRange11.6.0–11.6.6enterprise

gitlabgitlabRange11.7.0–11.7.1enterprise

VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/

gitlab.com/gitlab-org/gitlab-ce/issues/50748

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L

AI Score

6.7

Confidence

High

EPSS

0.042

Percentile

92.4%

JSON

Related for CVE-2019-6793