CVE-2019-6996

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6996
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6996.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6996
Published
2019-09-09T20:15:12.697Z
Modified
2026-04-10T04:19:56.176090Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3d59f5643aa87ca1fc506bf1ad37262d8ca6b4d6
Last affected
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
3d59f5643aa87ca1fc506bf1ad37262d8ca6b4d6
Last affected
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Database specific 
{
    "versions": [
        {
            "introduced": "10.6.0"
        },
        {
            "last_affected": "10.8.7"
        },
        {
            "introduced": "10.6.0"
        },
        {
            "last_affected": "10.8.7"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        }
    ]
}

Affected versions

v11.*
v11.6.0-ee
v11.6.1-ee
v11.6.2-ee
v11.6.3-ee
v11.6.4-ee
v11.6.5-ee
v11.7.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6996.json"