CVE-2019-15725

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15725
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15725.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15725
Published
2019-09-16T17:15:13.637Z
Modified
2026-03-14T11:55:59.172795Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b13818e8330f68625d80d9bf5d8049c41fbe197
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
3b13818e8330f68625d80d9bf5d8049c41fbe197
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Database specific 
{
    "versions": [
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        }
    ]
}

Affected versions

v12.*
v12.0.0-ee
v12.0.1-ee
v12.0.2-ee
v12.0.3-ee
v12.0.4-ee
v12.0.6-ee
v12.1.0-ee
v12.1.1-ee
v12.1.2-ee
v12.1.3-ee
v12.1.4-ee
v12.1.6-ee
v12.2.0-ee
v12.2.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15725.json"