CVE-2019-15576

Published: Dec 18, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 12.1.12
Gitlab Gitlab	From 12.2.0 to 12.2.6
Gitlab Gitlab	From 12.3.0 to 12.3.2
Gitlab Gitlab	Before 12.1.12
Gitlab Gitlab	From 12.2.0 to 12.2.6
Gitlab Gitlab	From 12.3.0 to 12.3.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://hackerone.com/reports/633001

Source: support@hackerone.com

ExploitIssue TrackingThird Party Advisory

https://hackerone.com/reports/633001

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.