
GitLab High-Risk Vulnerabilities (CVE-2019-14942/14943/14944)

Aug 22, 2019 GMT+08:00

I. Overview

On August 12, 2019, GitLab published a critical security release that disclosed three high-risk vulnerabilities (CVE-2019-14942, CVE-2019-14943 and CVE-2019-14944), which the HUAWEI CLOUD security team has reviewed. An attacker who exploits them can escalate privileges, execute code remotely, or read internal resources on the host running the GitLab instance.

Reference link:

https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/

II. Severity

Severity: important (scale: low, moderate, important, critical)

III. Affected Products

Affected versions (each range runs up to, but not including, the fixed releases listed below):

CVE-2019-14942 affects GitLab CE/EE 11.5 and later.

CVE-2019-14943 affects GitLab CE/EE 12.0 and later.

CVE-2019-14944 affects GitLab CE/EE 10.0 and later.

Fixed (secure) versions:

GitLab CE/EE 12.1.6, GitLab CE/EE 12.0.6, and GitLab CE/EE 11.11.8
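To turn the version ranges above into a repeatable check across many instances, the following script compares a GitLab version string (for example the `version` field returned by `GET /api/v4/version`) against the affected and fixed versions stated in this notice. It is an added example, not HUAWEI CLOUD or GitLab code. The sample version strings are constructed, and the rule that a release line is only safe from its listed fixed patch level upward (with 12.2.0 and later assumed to carry the fixes) is an assumption made here for illustration.

```python
"""Check a GitLab version string against the ranges in this notice.

Added example (not HUAWEI CLOUD or GitLab code). The version ranges are
taken from the notice; the input strings are constructed samples, and the
branch-aware "patched" rule (a release line is only safe from its listed
fixed patch level upward; 12.2.0+ is assumed to contain the fixes) is an
assumption made for this example.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Lowest affected release per CVE, as stated in the notice.
FIRST_AFFECTED: Dict[str, Version] = {
    "CVE-2019-14942": (11, 5, 0),
    "CVE-2019-14943": (12, 0, 0),
    "CVE-2019-14944": (10, 0, 0),
}

# Fixed releases from the notice, keyed by release line (major, minor).
FIXED_ON_LINE: Dict[Tuple[int, int], Version] = {
    (12, 1): (12, 1, 6),
    (12, 0): (12, 0, 6),
    (11, 11): (11, 11, 8),
}

# Assumption: every release line newer than 12.1 was cut after the fix.
FIRST_FIXED_LINE: Tuple[int, int] = (12, 2)


def parse_version(text: str) -> Version:
    """Parse '12.1.5', '12.1.5-ee' or '12.1.5-rc1' into (12, 1, 5).

    GitLab appends edition/build suffixes after a dash; they do not change
    the comparison, so they are dropped. Anything else is rejected.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z.]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(v: Version) -> bool:
    """True when v already contains the fixes for all three CVEs."""
    line = (v[0], v[1])
    if line >= FIRST_FIXED_LINE:
        return True
    fixed = FIXED_ON_LINE.get(line)
    return fixed is not None and v >= fixed


def affected_cves(version_text: str) -> List[str]:
    """Return the CVEs from this notice that apply to the given version."""
    v = parse_version(version_text)
    if is_patched(v):
        return []
    return [cve for cve, first in FIRST_AFFECTED.items() if v >= first]


def recommended_upgrade(version_text: str) -> str:
    """Name the smallest fixed release that covers the instance.

    Lines without a fix in this notice (e.g. 11.10.x) must move to the
    nearest fixed release above them, which is 11.11.8.
    """
    v = parse_version(version_text)
    if is_patched(v):
        return "already patched"
    if not affected_cves(version_text):
        return "none required by this notice"
    fixed = FIXED_ON_LINE.get((v[0], v[1]))
    if fixed is None:
        fixed = min(f for f in FIXED_ON_LINE.values() if f > v)
    return ".".join(map(str, fixed))


if __name__ == "__main__":
    # Constructed sample strings in the format GET /api/v4/version returns.
    for sample in ["12.1.5-ee", "12.0.6", "11.11.7", "11.10.4", "10.8.1", "12.2.0"]:
        print(f"{sample:>10}: {affected_cves(sample) or 'not affected'} "
              f"-> upgrade: {recommended_upgrade(sample)}")
```

Note that an instance on a release line with no fixed release in this notice (11.10.x, 11.5.x and so on) is reported as affected and pointed at 11.11.8, since there is no patch-level fix to apply on its own line.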

IV. Solutions

GitLab has fixed these vulnerabilities in versions 12.1.6, 12.0.6 and 11.11.8. Upgrade to the fixed release for your release line, or to a later version, as soon as possible.

Upgrade guide: https://about.gitlab.com/update/index.html

Note: Before applying the fix, back up the GitLab instance and test the upgrade thoroughly before rolling it out to production.