Access Control Vulnerability in GitLab Community and Enterprise Editions
CVE-2019-15590

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab Ee
Vendor: CVE Published:; 28 January 2020

What is CVE-2019-15590?

An access control flaw has been identified in specific versions of GitLab Community and Enterprise Editions, where private merge requests and issues may inadvertently be exposed through the Group Search functionality enabled by Elasticsearch integration. This vulnerability poses a risk to user privacy and data confidentiality, allowing unauthorized access to sensitive information if not addressed promptly. Users of affected versions should consider upgrading to the latest versions to mitigate the risks associated with this security issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GitLab EE before 12.3.5

GitLab EE before 12.2.8

GitLab EE before 12.1.14

References

https://hackerone.com/reports/701144

x_refsource_MISC

https://about.gitlab.com/releases/2019/10/07/security-rel...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2020
Vulnerability Reserved
Aug 26, 2019

JSON

Gitlab

What is CVE-2019-15590?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.