← back
CVE-2019-14942

CVE-2019-14942

CVSS 5.9 MEDIUMEPSS 0.5%CWE-319
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.9EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Apr 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Cookies for GitLab Pages (which have access control) could be sent over cleartext HTTP.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://about.gitlab.com/blog/categories/releases/https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/https://gitlab.com/gitlab-org/gitlab-pages/issues/232