CVE-2019-14944

gitlab-org/gitaly

on gitlab

Published

April 16, 2023

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

N/A

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

References

https://gitlab.com/gitlab-org/gitaly/issues/1801
https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
https://about.gitlab.com/blog/categories/releases/
https://gitlab.com/gitlab-org/gitaly/issues/1802

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	n/a	11.11.8	*
cpe:2.3:a:gitlab:gitlab:::::community:::*	n/a	11.11.8	*
cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	12.0.0 (including)	12.0.6	*
cpe:2.3:a:gitlab:gitlab:::::community:::*	12.0.0 (including)	12.0.6	*
cpe:2.3:a:gitlab:gitlab:::::community:::*	12.1.0 (including)	12.1.6	*
cpe:2.3:a:gitlab:gitlab:::::enterprise:::*	12.1.0 (including)	12.1.6	*

External Links

NVD - CVE-2019-14944