Lucene search

PRIOn knowledge basePRION:CVE-2019-15741

HistorySep 16, 2019 - 6:15 p.m.

Privilege escalation

2019-09-1618:15:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation

CPENameOperatorVersion
omnibusge7.4.0
omnibuslt12.0.8
omnibusge12.1.0
omnibuslt12.1.8
omnibusge12.2.0
omnibuslt12.2.3

Name	Operator	Version
omnibus	ge	7.4.0
omnibus	lt	12.0.8
omnibus	ge	12.1.0
omnibus	lt	12.1.8
omnibus	ge	12.2.0
omnibus	lt	12.2.3

References

packetstormsecurity.com/files/154734/GitLab-Omnibus-12.2.1-Logrotate-Privilege-Escalation.html

seclists.org/fulldisclosure/2019/Oct/7

about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

gitlab.com/gitlab-org/omnibus-gitlab/issues/4380