← Back

CVE-2019-14944

nvd nist
Published: Apr 16, 2023Modified: Feb 6, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Exploitability: 3.9 / Impact: 2.5
Source: NVD

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

Affected (6)

Products: Gitlab: Gitlab
Gitlab
1 product
Gitlab
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Gitlab
Gitlab
Before 11.11.8
Gitlab
From 12.0.0 to 12.0.6
Gitlab
From 12.1.0 to 12.1.6
Gitlab
Before 11.11.8
Gitlab
From 12.0.0 to 12.0.6
Gitlab
From 12.1.0 to 12.1.6

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (8)

Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ExploitIssue TrackingVendor Advisory
Source: cve@mitre.org
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link

Timeline

No history available yet.