Allele Security Alert
ASA-2019-00219
Identifier(s)
ASA-2019-00219, CVE-2019-10117
Title
Open redirect
Vendor(s)
GitLab
Product(s)
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
Affected version(s)
Affects GitLab CE/EE 11.9 and later
Fixed version(s)
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.9.4
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.8.6
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.7.10
Proof of concept
Unknown
Description
Within the GeoAuthController for the secondary Geo node, the redirect triggered after successful authentication was subject to an open redirect vulnerability.
Technical details
Unknown
Credits
Recurity
Reference(s)
GitLab Security Release: 11.9.4, 11.8.6, and 11.7.10
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10117
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10117
CVE-2019-10117
https://nvd.nist.gov/vuln/detail/CVE-2019-10117
If there is any error in this alert or you would like a comprehensive analysis, let us know.
Last modified: April 24, 2019