CVE-2019-13002

Published: Mar 10, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.0.2. Unauthorized users were able to read pipeline information of the last merge request. It has Incorrect Access Control.

Affected (2)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.10.0 to 12.0.2
Gitlab Gitlab	From 11.10.0 to 12.0.2

References (4)

https://about.gitlab.com/blog/categories/releases/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/blog/categories/releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.