CVE-2019-5472

Published: Jan 28, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.11.0 to 11.11.6
Gitlab Gitlab	From 12.0.0 to 12.0.4
Gitlab Gitlab	From 12.1.0 to 12.1.2
Gitlab Gitlab	From 11.11.0 to 11.11.6
Gitlab Gitlab	From 12.0.0 to 12.0.4
Gitlab Gitlab	From 12.1.0 to 12.1.2

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: support@hackerone.com

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ee/issues/11381

Source: support@hackerone.com

ExploitVendor Advisory

https://hackerone.com/reports/538101

Source: support@hackerone.com

Permissions Required

https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchRelease NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab-ee/issues/11381

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://hackerone.com/reports/538101

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.