CVE-2019-6790

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6790
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6790.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6790
Published
2019-05-17T16:29:05.940Z
Modified
2026-04-10T04:19:54.504043Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge requests.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
4ae57e0b374bbb8e461305d8a7a68b550bdd768d
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
4ae57e0b374bbb8e461305d8a7a68b550bdd768d
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Database specific 
{
    "versions": [
        {
            "introduced": "8.14.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "8.14.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        }
    ]
}

Affected versions

v11.*
v11.6.0-ee
v11.6.1-ee
v11.6.2-ee
v11.6.3-ee
v11.6.4-ee
v11.6.5-ee
v11.7.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6790.json"