Vulnerability Details CVE-2019-5461
An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 4.0
References
Products affected by CVE-2019-5461
-
cpe:2.3:a:gitlab:gitlab:11.11.0
-
cpe:2.3:a:gitlab:gitlab:11.11.1
-
cpe:2.3:a:gitlab:gitlab:11.11.2
-
cpe:2.3:a:gitlab:gitlab:11.11.3
-
cpe:2.3:a:gitlab:gitlab:11.11.4
-
cpe:2.3:a:gitlab:gitlab:11.11.5
-
cpe:2.3:a:gitlab:gitlab:11.11.6
-
cpe:2.3:a:gitlab:gitlab:12.0.0
-
cpe:2.3:a:gitlab:gitlab:12.0.1
-
cpe:2.3:a:gitlab:gitlab:12.0.2
-
cpe:2.3:a:gitlab:gitlab:12.0.3
-
cpe:2.3:a:gitlab:gitlab:12.1.0
-
cpe:2.3:a:gitlab:gitlab:12.1.1