CVE-2019-19628

Source
https://cve.org/CVERecord?id=CVE-2019-19628
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19628.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19628
Published
2020-01-05T22:15:11.173Z
Modified
2026-04-10T04:16:52.235580Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "11.3.0"
        },
        {
            "last_affected": "12.3.8"
        },
        {
            "introduced": "12.4.0"
        },
        {
            "last_affected": "12.4.5"
        },
        {
            "introduced": "12.5.0"
        },
        {
            "last_affected": "12.5.3"
        }
    ]
}

Affected versions

v12.*
v12.4.0-ee
v12.4.2-ee
v12.4.3-ee
v12.4.5-ee
v12.5.0-ee
v12.5.3-ee

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19628.json"