CVE-2019-14942 — Vulnetix

CVE-2019-14942 PUBLISHED CVSS 5.900000095367432 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.

EPSS 0.11% · 28.6th percentile

Risk Scores

CVSS v3.1

5.900000095367432

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.11%

28.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
gitlab	gitlab	12.0.0, 0, 0

Timeline

Apr 15, 2023 CVE Published
Apr 16, 2023 EPSS Score
May 24, 2023 EPSS Score
Jun 30, 2023 EPSS Score
Aug 7, 2023 EPSS Score
Sep 13, 2023 EPSS Score
Oct 21, 2023 EPSS Score
Nov 27, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 19, 2024 EPSS Score
Apr 25, 2024 EPSS Score

References

https://about.gitlab.com/blog/categories/releases/ url
https://gitlab.com/gitlab-org/gitlab-pages/issues/232 url
https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ url
https://nvd.nist.gov/vuln/detail/CVE-2019-14942 advisory
https://about.gitlab.com/blog/categories/releases url
https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released url

Open in Interactive Console →