CVE-2019-12825

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-12825
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12825.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12825
Published
2020-02-17T14:15:11.810Z
Modified
2026-04-10T04:12:06.610636Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3a5f14fef4e06fb440f35522bfd52d43beb0cbec
Fixed
4878f9ac8941c5ad124c9f2216897109c5dde4af
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3b13818e8330f68625d80d9bf5d8049c41fbe197
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3b13818e8330f68625d80d9bf5d8049c41fbe197
Database specific 
{
    "versions": [
        {
            "introduced": "12.0.1"
        },
        {
            "fixed": "12.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0.0-pre"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v12.*
v12.0.0-ee
v12.5.0-rc42-ee
v12.5.0-rc43-ee
v12.5.0-rc44-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12825.json"