CVE-2019-13121: SSRF
First published: Tue Mar 10 2020(Updated: )
An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0.2. The GitHub project integration was vulnerable to an SSRF vulnerability which allowed an attacker to make requests to local network resources. It has Incorrect Access Control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=10.6.0<=12.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-13121?
CVE-2019-13121 is classified as a moderate severity vulnerability due to its SSRF nature.
How do I fix CVE-2019-13121?
To fix CVE-2019-13121, upgrade GitLab Enterprise Edition to version 12.0.3 or later.
What type of vulnerability is CVE-2019-13121?
CVE-2019-13121 is a Server-Side Request Forgery (SSRF) vulnerability allowing unauthorized access to local network resources.
Which versions of GitLab are affected by CVE-2019-13121?
CVE-2019-13121 affects GitLab Enterprise Edition versions from 10.6.0 to 12.0.2.
Can CVE-2019-13121 lead to data exposure?
Yes, CVE-2019-13121 can potentially lead to data exposure by allowing attackers to access local network resources.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/10.6.0
- version/gitlab/12.0.2