CVE-2019-5468

Published: Jan 28, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.11.0 to 11.11.6
Gitlab Gitlab	From 12.0.0 to 12.0.4
Gitlab Gitlab	From 12.1.0 to 12.1.2
Gitlab Gitlab	From 11.11.0 to 11.11.6
Gitlab Gitlab	From 12.0.0 to 12.0.4
Gitlab Gitlab	From 12.1.0 to 12.1.2

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: support@hackerone.com

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ce/issues/57556

Source: support@hackerone.com

ExploitVendor Advisory

https://hackerone.com/reports/493562

Source: support@hackerone.com

Permissions Required

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ce/issues/57556

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://hackerone.com/reports/493562

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.