CVE Vulnerabilities

CVE-2019-15726

Published: Sep 16, 2019 | Modified: Jul 21, 2021
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab * 12.0.8 (excluding)
Gitlab Gitlab 12.1.0 (including) 12.1.8 (excluding)
Gitlab Gitlab 12.2.0 (including) 12.2.3 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu upstream *
Gitlab Ubuntu xenial *

References