Lucene search

GoogleOSV:CVE-2019-14944

HistoryApr 16, 2023 - 12:15 a.m.

CVE-2019-14944

2023-04-1600:15:07

Google

osv.dev

gitlab

gitaly

command injection

privilege escalation

remote code execution

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

7.4

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

References

about.gitlab.com/blog/categories/releases/

about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

gitlab.com/gitlab-org/gitaly/issues/1801

gitlab.com/gitlab-org/gitaly/issues/1802

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

7.4

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Related for OSV:CVE-2019-14944