CVE-2019-15730
HIGH
GitLab 8.14.0-12.2.1 - Server-Side Request Forgery via Jira Integration
Title source: llm
Description
An issue was discovered in GitLab Community and Enterprise Edition 8.14 through 12.2.1. The Jira integration contains an SSRF vulnerability as a result of a bypass of the current protection mechanisms against this type of attack, which would allow sending requests to any resources accessible in the local network by the GitLab server.
References (2)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ce/issues/61349
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-918
Status
published
Products (1)
gitlab/gitlab
8.14.0 - 12.0.8 (2 CPE variants)
Published
Sep 16, 2019
Tracked Since
Feb 18, 2026