CVE-2019-5470

Published: Jan 28, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 10.8.0 to 11.11.6
Gitlab Gitlab	From 12.0.0 to 12.0.4
Gitlab Gitlab	From 12.1.0 to 12.1.2
Gitlab Gitlab	From 10.8.0 to 11.11.6
Gitlab Gitlab	From 12.0.0 to 12.0.4
Gitlab Gitlab	From 12.1.0 to 12.1.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: support@hackerone.com

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ee/issues/9665

Source: support@hackerone.com

Vendor Advisory

https://hackerone.com/reports/490250

Source: support@hackerone.com

Permissions Required

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ee/issues/9665

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://hackerone.com/reports/490250

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.