{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T06:15:03.820","vulnerabilities":[{"cve":{"id":"CVE-2019-5461","sourceIdentifier":"support@hackerone.com","published":"2019-09-09T17:15:14.003","lastModified":"2026-06-17T02:37:43.797","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6."},{"lang":"es","value":"Se descubrió un problema de comprobación de entrada en la integración del servicio GitHub que podría resultar en que un atacante pueda realizar peticiones POST arbitrarias en la red interna de una instancia de GitLab. Esta vulnerabilidad se abordó en las versiones 12.1.2, 12.0.4 y 11.11.6."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"n/a","product":"GitLab Community Edition","versions":[{"version":"Fix Versions: 12.1.2, 12.0.4, and 11.11.6","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"11.11.0","versionEndExcluding":"11.11.7","matchCriteriaId":"33FB67D6-7874-4224-A89C-BFD3080796DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"11.11.0","versionEndExcluding":"11.11.7","matchCriteriaId":"0ABDFAF2-C1E3-4416-8E67-1CF2ABA29FEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.4","matchCriteriaId":"62DEEA13-4D2C-436B-9780-983FC707DDF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.0.4","matchCriteriaId":"595B584B-2A5C-44F6-AC4C-51ACF913C6C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.2","matchCriteriaId":"99659BEC-15D0-4E75-BEBE-727FC32D9B35"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.1.0","versionEndExcluding":"12.1.2","matchCriteriaId":"D12A3A81-4A4F-441A-A820-F2D19B1A5C89"}]}]}],"references":[{"url":"https://gitlab.com//gitlab-org/gitlab-ce/issues/54649","source":"support@hackerone.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://hackerone.com/reports/446593","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"https://gitlab.com//gitlab-org/gitlab-ce/issues/54649","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://hackerone.com/reports/446593","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}