CVE-2019-15726

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15726
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15726.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-15726
Downstream
Related
Published
2019-09-16T17:15:13.697Z
Modified
2026-04-09T06:33:00.001061Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v12.*
v12.0.0-ee
v12.0.1-ee
v12.0.2-ee
v12.0.3-ee
v12.0.4-ee
v12.0.6-ee
v12.1.0-ee
v12.1.1-ee
v12.1.2-ee
v12.1.3-ee
v12.1.4-ee
v12.1.6-ee
v12.2.0-ee
v12.2.1-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15726.json"