CVE-2019-15728
HIGHGitLab 10.1-12.2.1 - Server-Side Request Forgery via Kubernetes Integration
Title source: llmDescription
An issue was discovered in GitLab Community and Enterprise Edition 10.1 through 12.2.1. Protections against SSRF attacks on the Kubernetes integration are insufficient, which could have allowed an attacker to request any local network resource accessible from the GitLab server.
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ce/issues/61314
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-918
Status
published
Products (1)
gitlab/gitlab
10.1.0 - 12.0.8 (2 CPE variants)
Published
Sep 16, 2019
Tracked Since
Feb 18, 2026