CVE-2019-12429

Published: Mar 10, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.

Affected (2)

Products: Gitlab: Gitlab

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.9.0 to 11.11.0
Gitlab Gitlab	From 11.9.0 to 11.11.0

References (4)

https://about.gitlab.com/blog/categories/releases/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/blog/categories/releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://about.gitlab.com/releases/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.