CVE-2019-15590

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-15590

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15590.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-15590

Published

2020-01-28T03:15:10.717Z

Modified

2026-03-14T03:11:49.577744Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e

Fixed

d5b3df8d78487c9704f72a32faf3a66f8de02820

Introduced

1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e

Fixed

d5b3df8d78487c9704f72a32faf3a66f8de02820

Introduced

30032e00da906361c553a1eef4ffcd13378b43ee

Fixed

60f4183870976246e6e6f1b2e5fd3d20a7fc1fd9

Introduced

30032e00da906361c553a1eef4ffcd13378b43ee

Fixed

60f4183870976246e6e6f1b2e5fd3d20a7fc1fd9

Introduced

c5ab21eda575676ffc46b85cab3456473c0357c6

Fixed

9dbaa74001832e0fdc20a7c0c46b2440fbb6e922

Introduced

c5ab21eda575676ffc46b85cab3456473c0357c6

Fixed

9dbaa74001832e0fdc20a7c0c46b2440fbb6e922

Database specific

{
    "versions": [
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.14"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.14"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.8"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.8"
        },
        {
            "introduced": "12.3.0"
        },
        {
            "fixed": "12.3.5"
        },
        {
            "introduced": "12.3.0"
        },
        {
            "fixed": "12.3.5"
        }
    ]
}

Affected versions

v12.*

v12.1.0-ee

v12.1.1-ee

v12.1.10-ee

v12.1.11-ee

v12.1.12-ee

v12.1.13-ee

v12.1.2-ee

v12.1.3-ee

v12.1.4-ee

v12.1.6-ee

v12.1.8-ee

v12.1.9-ee

v12.2.0-ee

v12.2.1-ee

v12.2.3-ee

v12.2.4-ee

v12.2.5-ee

v12.2.6-ee

v12.2.7-ee

v12.3.0-ee

v12.3.1-ee

v12.3.2-ee

v12.3.3-ee

v12.3.4-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15590.json"