Server-side request forgery (SSRF) vulnerability in Gitlab-ce and Gitlab-ee - CVE-2019-15728 (dpkg)ID: oval:org.secpod.oval:def:59446 | Date: (C)2019-10-28 (M)2023-08-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with Gitlab-ce or Gitlab-ee 10.1 through 12.2.1 and is prone to a server-side request forgery vulnerability. A flaw is present in the application, which fails to handle the kubernetes integration in gitlab. Successful exploitation allows attackers to request any local network resource accessible from the GitLab server.
Product: |
gitlab-ce |
gitlab-ee |