CVE-2019-12430

moderate-risk
Published 2020-03-10

An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection.

Do I need to act?

~
3.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Gitlab

References (4)

Release Notes https://about.gitlab.com/blog/categories/releases/
Release Notes https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-d...
Release Notes https://about.gitlab.com/blog/categories/releases/
Release Notes https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-d...
44
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 7/34 · Low
Exposure 7/34 · Low