CVE-2019-15728

high

Description

An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.

References

https://gitlab.com/gitlab-org/gitlab-ce/issues/61314

https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

Details

Source: Mitre, NVD

Published: 2019-09-16

Updated: 2019-09-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High