UBUNTU-CVE-2019-15726

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2019-15726

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-15726.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2019-15726

Related

CVE-2019-15726

Published

2019-09-16T17:15:00Z

Modified

2025-01-13T10:21:59Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Embedded images and media files in markdown could be pointed to an arbitrary server, which would reveal the IP address of clients requesting the file from that server.

References

Affected packages

Ubuntu:Pro:16.04:LTS / gitlab

Package

Name: gitlab
Purl: pkg:deb/ubuntu/gitlab@8.5.8+dfsg-5?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.4.3+dfsg-9

8.4.3+dfsg-12

8.5.8+dfsg-5

Ecosystem specific

{
    "ubuntu_priority": "low"
}