CVE-2019-6793
HIGH NUCLEIGitLab 10.0.0-11.5.7, 11.6.0-11.6.5, 11.7.0 - Unauthenticated Server-Side Request Forgery via Jira Integration
Title source: llmExploitation Summary
CVE-2019-6793 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
Nuclei Templates (1)
GitLab Enterprise Edition - Server-Side Request Forgery
HIGHby ritikchaddha
Shodan:
html:"GitLab Enterprise Edition"
FOFA:
body="GitLab Enterprise Edition"
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/gitlab-ce/issues/50748
Scores
CVSS v3
7.0
EPSS
0.0351
EPSS Percentile
87.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
Details
CWE
CWE-918
Status
published
Products (1)
gitlab/gitlab
10.0.0 - 11.5.8
Published
Sep 09, 2019
Tracked Since
Feb 18, 2026