CVE-2019-15589

Published: Dec 18, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.

Affected (6)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	Before 12.1.12
Gitlab Gitlab	From 12.2.0 to 12.2.6
Gitlab Gitlab	From 12.3.0 to 12.3.2
Gitlab Gitlab	Before 12.1.12
Gitlab Gitlab	From 12.2.0 to 12.2.6
Gitlab Gitlab	From 12.3.0 to 12.3.2

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://hackerone.com/reports/497047

Source: support@hackerone.com

ExploitIssue TrackingThird Party Advisory

https://hackerone.com/reports/497047

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.