CVE-2019-12443 (NVD)

2020-03-10

An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks.

Products Gitlab
Type Server-Side Request Forgery (SSRF) (CWE-918)
First patch - None (likely due to unavailable code)
Links https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/
https://about.gitlab.com/blog/categories/releases/