CVE-2019-5465

Published: Jan 28, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID.

Affected (2)

Products: Gitlab: Gitlab

Gitlab

1 product

Gitlab

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 8.14.0 to 11.11.7
Gitlab Gitlab	From 8.14.0 to 11.11.7

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: support@hackerone.com

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ce/issues/62070

Source: support@hackerone.com

ExploitVendor Advisory

https://hackerone.com/reports/584534

Source: support@hackerone.com

Permissions Required

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ce/issues/62070

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://hackerone.com/reports/584534

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.