Lucene search

[email protected]NVD:CVE-2019-14944

HistoryApr 16, 2023 - 12:15 a.m.

CVE-2019-14944

2023-04-1600:15:07

CWE-77

[email protected]

web.nvd.nist.gov

gitlab

gitaly

command injection

privilege escalation

remote code execution

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.015

Percentile

87.1%

JSON

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

Affected configurations

Nvd

Node

gitlabgitlabRange<11.11.8community

gitlabgitlabRange<11.11.8enterprise

gitlabgitlabRange12.0.0–12.0.6community

gitlabgitlabRange12.0.0–12.0.6enterprise

gitlabgitlabRange12.1.0–12.1.6community

gitlabgitlabRange12.1.0–12.1.6enterprise

VendorProductVersionCPE
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
gitlabgitlab*cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::community:::*
gitlab	gitlab	*	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

References

about.gitlab.com/blog/categories/releases/

about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

gitlab.com/gitlab-org/gitaly/issues/1801

gitlab.com/gitlab-org/gitaly/issues/1802

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS

0.015

Percentile

87.1%

JSON

Related for NVD:CVE-2019-14944

ubuntucve1 cve1 cvelist1 prion1 osv1 debiancve1 freebsd1 nessus1