CVE-2019-12443

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
10/03/2020
Last modified:
10/03/2020

Description

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 11.9.0 (including) 11.11.0 (including)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 11.9.0 (including) 11.11.0 (including)