GitLab High-Risk Vulnerabilities (CVE-2019-14942/14943/14944)
Aug 22, 2019 GMT+08:00
I. Overview
Recently, the HUAWEI CLOUD security team noticed a critical security release by GitLab, which disclosed three high-risk vulnerabilities (CVE-2019-14942/14943/14944). Attackers can exploit these vulnerabilities to escalate privileges, execute code remotely, and view internal resources of the host where the GitLab instance is located.
Reference link:
https://about.gitlab.com/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Affected versions:
CVE-2019-14942 affects GitLab CE/EE 11.5 and later versions.
CVE-2019-14943 affects GitLab CE/EE 12.0 and later versions.
CVE-2019-14944 affects GitLab CE/EE 10.0 and later versions.
Secure versions:
GitLab CE/EE 12.1.6, GitLab CE/EE 12.0.6, and GitLab CE/EE 11.11.8
IV. Solutions
These vulnerabilities have been fixed in the latest official GitLab versions. Upgrade to the latest versions as soon as possible.
Upgrade guide: https://about.gitlab.com/update/index.html
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.