Privilege Escalation Vulnerability in GitLab by GitLab Inc.
CVE-2019-5462
8.8HIGH
Key Information:
- Vendor
Gitlab
- Vendor
- CVE Published:
- 28 January 2020
What is CVE-2019-5462?
A privilege escalation issue exists in GitLab CE/EE versions 9.0 and later, where trigger tokens can be exploited if they are not rotated after ownership changes. This oversight allows unauthorized users to gain elevated access, potentially compromising the integrity of the project and sensitive data.
Affected Version(s)
GitLab Community Edition and GitLab Enterprise Edition Affects GitLab CE/EE 9.0 and later
GitLab Community Edition and GitLab Enterprise Edition Fixed in 12.1.2 in 12.0.4 and in 11.11.6