Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2019-12444
CVE-2019-12444:
GitLab vulnerability analysis and mitigation
Overview
A persistent Cross-Site Scripting (XSS) vulnerability was discovered in GitLab Community and Enterprise Edition versions 8.9 through 11.11. The vulnerability was identified in the Wiki Pages feature due to insufficient input validation. The issue was disclosed and fixed on June 3, 2019 (GitLab Release).
Technical details
The vulnerability stemmed from a lack of input validation in the Wiki Pages feature of GitLab, which allowed for persistent XSS attacks. The issue affected both Community Edition (CE) and Enterprise Edition (EE) of GitLab, spanning versions from 8.9 through 11.11 (GitLab Release).
Impact
The vulnerability could allow attackers to execute malicious JavaScript code through Wiki Pages, potentially leading to session hijacking, data theft, or other client-side attacks against GitLab users (GitLab Release).
Mitigation and workarounds
GitLab addressed this vulnerability in versions 11.11.1, 11.10.5, and 11.9.12. Users running affected versions were strongly recommended to upgrade to these patched versions immediately to mitigate the risk (GitLab Release).
Additional resources
Source: This report was generated using AI
Related GitLab vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management