CVE-2019-15721

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15721
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15721.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15721
Published
2019-09-16T17:15:13.387Z
Modified
2026-04-10T04:12:34.163783Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
342f33beb2ce090cfabfd0a5e7327b78d04588bb
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
342f33beb2ce090cfabfd0a5e7327b78d04588bb
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Database specific 
{
    "versions": [
        {
            "introduced": "10.8.0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "10.8.0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        }
    ]
}

Affected versions

v12.*
v12.1.0-ee
v12.1.1-ee
v12.1.2-ee
v12.1.3-ee
v12.1.4-ee
v12.1.6-ee
v12.2.0-ee
v12.2.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15721.json"