CVE-2019-6996

An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 04:47

Type Values Removed Values Added
References () https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/ - Release Notes, Vendor Advisory () https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/ - Release Notes, Vendor Advisory
References () https://gitlab.com/gitlab-org/gitlab-ee/issues/8187 - Issue Tracking, Third Party Advisory () https://gitlab.com/gitlab-org/gitlab-ee/issues/8187 - Issue Tracking, Third Party Advisory

Information

Published : 2019-09-09 20:15

Updated : 2024-11-21 04:47


NVD link : CVE-2019-6996

Mitre link : CVE-2019-6996

CVE.ORG link : CVE-2019-6996


JSON object : View

Products Affected

gitlab

  • gitlab
CWE
CWE-269

Improper Privilege Management