CVE-2019-15577

Published: Dec 18, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 12.1.12
Gitlab Gitlab	From 12.2.0 to 12.2.6
Gitlab Gitlab	From 12.3.0 to 12.3.2
Gitlab Gitlab	Before 12.1.12
Gitlab Gitlab	From 12.2.0 to 12.2.6
Gitlab Gitlab	From 12.3.0 to 12.3.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-307

Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (2)

https://hackerone.com/reports/636560

Source: support@hackerone.com

ExploitIssue TrackingThird Party Advisory

https://hackerone.com/reports/636560

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.