CVE-2019-12434

Source
https://cve.org/CVERecord?id=CVE-2019-12434
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12434.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12434
Published
2020-03-10T14:15:11.957Z
Modified
2026-04-10T04:12:02.629520Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "10.6.0"
        },
        {
            "last_affected": "11.11.0"
        },
        {
            "introduced": "10.6.0"
        },
        {
            "last_affected": "11.11.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12434.json"