CVE-2019-15582

5.3MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab Ee
Vendor: CVE Published:; 28 January 2020

Summary

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment.

Affected Version(s)

GitLab EE before 12.3.2

GitLab EE before 12.2.6

GitLab EE before 12.1.12

References

https://about.gitlab.com/blog/2019/09/30/security-release...

x_refsource_MISC

https://hackerone.com/reports/566216

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2020
Vulnerability Reserved
Aug 26, 2019

Collectors

NVD DatabaseMitre Database