CVE-2019-14944 — Vulnetix

CVE-2019-14944 PUBLISHED CVSS 6.5 MEDIUM

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

EPSS 8.99% · 92.8th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS Score

8.99%

92.8th percentile

Affected Products

Vendor	Product	Versions
gitlab	gitlab	0, 0, 12.0.0
n/a	n/a	n/a

Timeline

Apr 15, 2023 CVE Published
Apr 16, 2023 EPSS Score
Apr 26, 2023 EPSS Score
Jun 30, 2023 EPSS Score
Aug 7, 2023 EPSS Score
Sep 13, 2023 EPSS Score
Oct 21, 2023 EPSS Score
Jan 4, 2024 EPSS Score
Feb 10, 2024 EPSS Score
Mar 19, 2024 EPSS Score
Apr 25, 2024 EPSS Score
Jul 9, 2024 EPSS Score

References

https://about.gitlab.com/blog/categories/releases/ url
https://gitlab.com/gitlab-org/gitaly/issues/1801 url
https://gitlab.com/gitlab-org/gitaly/issues/1802 url
https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/ url
https://nvd.nist.gov/vuln/detail/CVE-2019-14944 advisory
https://about.gitlab.com/blog/categories/releases url
https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released url

Open in Interactive Console →