CVE-2019-13005

Source
https://cve.org/CVERecord?id=CVE-2019-13005
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13005.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-13005
Published
2020-03-10T15:15:15.917Z
Modified
2026-04-10T04:14:35.536899Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Database specific
{
    "versions": [
        {
            "introduced": "11.10.0"
        },
        {
            "last_affected": "12.0.2"
        },
        {
            "introduced": "11.10.0"
        },
        {
            "last_affected": "12.0.2"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13005.json"