CVE-2019-15583
Published: 28 January 2020
An information disclosure vulnerability exists in GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 12.3.2, before 12.2.6, and before 12.1.12. When an issue was moved from a private project to a public one, the associated private labels and the private project namespace were disclosed through the GitLab API.
Notes
Author | Note |
---|---|
msalvatore | Affects GitLab CE/EE 11.3 and later. |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15583
- https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
- https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/
- https://hackerone.com/reports/643854
- NVD
- Launchpad
- Debian