CVE-2019-14944 Information

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

Reference

https://gitlab.com/gitlab-org/gitaly/issues/1801
https://about.gitlab.com/releases/2019/08/12/critical-security-release-gitlab-12-dot-1-dot-6-released/
https://about.gitlab.com/blog/categories/releases/
https://gitlab.com/gitlab-org/gitaly/issues/1802
