CVE-2019-13121
HIGH
GitLab 10.6.0-12.0.2 - Server-Side Request Forgery via GitHub Project Integration
Title source: llm
Description
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/blog/categories/releases/
Vendor Advisory x_refsource_confirm
https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/
Scores
CVSS v3: 7.5
EPSS: 0.0010
EPSS Percentile: 27.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-918
Status: published
Products (1)
gitlab/gitlab: 10.6.0 - 12.0.2
Published: Mar 10, 2020
Tracked Since: Feb 18, 2026