CVE-2019-14944
on gitlab
Published
Severity
CVSS v3: 6.5 MEDIUM
CVSS v2: N/A
Description
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | n/a | 11.11.8 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | n/a | 11.11.8 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 12.0.0 (including) | 12.0.6 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 12.0.0 (including) | 12.0.6 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 12.1.0 (including) | 12.1.6 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 12.1.0 (including) | 12.1.6 | * |