An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/154734/GitLab-Omnibus-12.2.1-Logrotate-Privilege-Escalation.html | Exploit Third Party Advisory VDB Entry |
| http://seclists.org/fulldisclosure/2019/Oct/7 | Exploit Mailing List Third Party Advisory |
| https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ | Broken Link Release Notes |
| https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4380 | Exploit Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Feb 2023, 20:05
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4380 - Exploit, Issue Tracking, Vendor Advisory | |
| References | (MISC) https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ - Broken Link, Release Notes | |
| References | (MISC) http://packetstormsecurity.com/files/154734/GitLab-Omnibus-12.2.1-Logrotate-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry | |
| References | (FULLDISC) http://seclists.org/fulldisclosure/2019/Oct/7 - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2019-09-16 18:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-15741
Mitre link : CVE-2019-15741
CVE.ORG link : CVE-2019-15741
JSON object : View
Products Affected
gitlab
- omnibus
CWE