Server-side request forgery (SSRF) vulnerability in Gitlab-ce and Gitlab-ee - CVE-2019-9174 (rpm)ID: oval:org.secpod.oval:def:59437 | Date: (C)2019-10-28 (M)2023-08-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with Gitlab-ce or Gitlab-ee before 11.6.10, 11.7.x before 11.7.6 or 11.8.x before 11.8.1 and is prone to a server-side request forgery vulnerability. A flaw is present in the application, which fails to handle the prometheus integration in gitlab. Successful exploitation allows attackers to make requests to any local network resource accessible from the GitLab server.
Product: |
gitlab-ce |
gitlab-ee |