An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.
References
Link | Resource |
---|---|
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ | Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab-ee/issues/11431 | Broken Link |
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ | Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab-ee/issues/11431 | Broken Link |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ - Release Notes, Vendor Advisory | |
References | () https://gitlab.com/gitlab-org/gitlab-ee/issues/11431 - Broken Link |
Information
Published : 2019-09-16 17:15
Updated : 2024-11-21 04:29
NVD link : CVE-2019-15725
Mitre link : CVE-2019-15725
CVE.ORG link : CVE-2019-15725
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-639
Authorization Bypass Through User-Controlled Key