CVE-2019-15726
First published: Mon Sep 16 2019(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <12.0.8 | |
| GitLab | <12.0.8 | |
| GitLab | >=12.1.0<12.1.8 | |
| GitLab | >=12.1.0<12.1.8 | |
| GitLab | >=12.2.0<12.2.3 | |
| GitLab | >=12.2.0<12.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15726?
CVE-2019-15726 is rated as a medium severity vulnerability due to its potential to leak client IP addresses.
How do I fix CVE-2019-15726?
To fix CVE-2019-15726, upgrade GitLab to version 12.2.3 or later.
Which versions of GitLab are affected by CVE-2019-15726?
CVE-2019-15726 affects GitLab Community and Enterprise Edition versions up to 12.2.1.
What type of attack does CVE-2019-15726 expose users to?
CVE-2019-15726 exposes users to privacy risks by revealing their IP addresses through embedded media files.
Is there a workaround for CVE-2019-15726 if I cannot update GitLab?
No official workaround is recommended for CVE-2019-15726; updating is the best way to mitigate the risk.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.1.0
- version/gitlab/12.2.0