First published: Tue Jan 28 2020(Updated: )
A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later: pipeline trigger tokens are not rotated when their ownership changes, so a token issued while one user owned the trigger keeps working after the trigger is reassigned to another user.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab CE/EE | >=9.0.0 <11.11.7 | Upgrade to 12.1.2 or later |
CVE-2019-5462 is assigned a medium severity rating due to its potential for privilege escalation.
To resolve CVE-2019-5462, upgrade to GitLab version 12.1.2 or later, which includes a fix for the vulnerability.
CVE-2019-5462 affects GitLab CE/EE versions from 9.0.0 up to, but not including, 11.11.7.
CVE-2019-5462 is classified as a privilege escalation vulnerability.
The cause of CVE-2019-5462 is the failure to rotate trigger tokens after their ownership has changed: the token stays valid, so anyone who held it before the transfer can still start pipelines with the new owner's permissions.
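Upgrading stops future ownership changes from keeping the old token, but it does not revoke tokens that were already transferred without rotation. The script below is an added example (not GitLab's own code or part of the original advisory) that audits the JSON returned by GitLab's `GET /projects/:id/triggers` and `GET /projects/:id/members/all` endpoints and builds a rotation plan (a `DELETE` of the old trigger followed by a `POST` creating a new one, which mints a fresh token). Because the API does not record ownership transfers, it applies two conservative rules: rotate every trigger created before the upgrade to a fixed version, and rotate any trigger whose current owner is no longer a Maintainer or Owner of the project. The sample data, the `fixed_since` cutoff and the project id are constructed for the example.

```python
import json
from datetime import datetime

MAINTAINER = 40  # GitLab access levels: 30 Developer, 40 Maintainer, 50 Owner

# Constructed sample data in the shape of GET /projects/:id/triggers.
# Tokens and users are made up; GitLab only shows the full token to its owner.
TRIGGERS_JSON = """[
  {"id": 10, "description": "deploy-prod", "token": "6d056f",
   "created_at": "2019-05-01T10:00:00.000Z", "owner": {"id": 1, "username": "alice"}},
  {"id": 11, "description": "nightly", "token": "a1b2c3",
   "created_at": "2019-09-01T10:00:00.000Z", "owner": {"id": 2, "username": "bob"}},
  {"id": 12, "description": "legacy-ci", "token": "ffffff",
   "created_at": "2019-09-10T10:00:00.000Z", "owner": {"id": 3, "username": "carol"}},
  {"id": 13, "description": "docs-build", "token": "0badf0",
   "created_at": "2019-09-05T10:00:00.000Z", "owner": {"id": 1, "username": "alice"}}
]"""

# Constructed sample data in the shape of GET /projects/:id/members/all.
MEMBERS_JSON = """[
  {"id": 1, "username": "alice", "access_level": 50},
  {"id": 2, "username": "bob", "access_level": 30}
]"""


def _parse_ts(value):
    """Parse a GitLab API timestamp such as 2019-05-01T10:00:00.000Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triggers_needing_rotation(triggers, members, fixed_since):
    """Return [(trigger, reason)] for triggers whose token should be replaced.

    fixed_since: ISO timestamp of the upgrade to a fixed GitLab version.
    Any token created before it may have survived an ownership transfer
    unrotated; any token whose owner lost Maintainer rights or left the
    project should not remain usable either.
    """
    cutoff = _parse_ts(fixed_since)
    privileged = {m["id"]: m["access_level"] for m in members}
    flagged = []
    for trig in triggers:
        owner_id = trig["owner"]["id"]
        if owner_id not in privileged:
            flagged.append((trig, "owner is no longer a project member"))
        elif privileged[owner_id] < MAINTAINER:
            flagged.append((trig, "owner is below Maintainer access level"))
        elif _parse_ts(trig["created_at"]) < cutoff:
            flagged.append((trig, "token predates the fix; may have changed owner unrotated"))
    return flagged


def rotation_plan(project_id, flagged):
    """Turn flagged triggers into GitLab API calls that issue fresh tokens.

    Deleting a trigger revokes its token; creating a new trigger with the
    same description yields a new token owned by the caller.
    """
    plan = []
    for trig, reason in flagged:
        plan.append({"method": "DELETE",
                     "path": f"/projects/{project_id}/triggers/{trig['id']}",
                     "reason": reason})
        plan.append({"method": "POST",
                     "path": f"/projects/{project_id}/triggers",
                     "data": {"description": trig["description"]}})
    return plan


def audit(project_id, triggers_json, members_json, fixed_since):
    """Run the audit on raw API JSON and return the rotation plan."""
    flagged = triggers_needing_rotation(json.loads(triggers_json),
                                        json.loads(members_json), fixed_since)
    return rotation_plan(project_id, flagged)


if __name__ == "__main__":
    # Assumed: project 42 was upgraded to a fixed release on 2019-08-01.
    for step in audit(42, TRIGGERS_JSON, MEMBERS_JSON, "2019-08-01T00:00:00.000Z"):
        print(step)
```

Run the resulting plan against your instance with a Maintainer's personal access token (for example with `curl --request DELETE --header "PRIVATE-TOKEN: ..."`), then update the CI jobs or webhooks that used the old tokens; the new token is returned in the `POST` response body.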