CVE-2019-15590

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-15590

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15590.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-15590

Published

2020-01-28T03:15:10Z

Modified

2025-02-19T03:16:05.559536Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e

Fixed

d5b3df8d78487c9704f72a32faf3a66f8de02820

Affected versions

v12.*

v12.1.0-ee

v12.1.1-ee

v12.1.10-ee

v12.1.11-ee

v12.1.12-ee

v12.1.13-ee

v12.1.2-ee

v12.1.3-ee

v12.1.4-ee

v12.1.6-ee

v12.1.8-ee

v12.1.9-ee