CVE-2019-6997

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6997
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6997.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6997
Published
2019-09-09T20:15:12.777Z
Modified
2026-04-10T04:19:57.045193Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting in 10.7) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. System notes contain an access control issue that permits a guest user to view merge request titles.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
5790caa7dc2fccf506a58da65f7d8aefaae3a18b
Last affected
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
5790caa7dc2fccf506a58da65f7d8aefaae3a18b
Last affected
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Database specific 
{
    "versions": [
        {
            "introduced": "10.7.0"
        },
        {
            "last_affected": "10.8.7"
        },
        {
            "introduced": "10.7.0"
        },
        {
            "last_affected": "10.8.7"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        }
    ]
}

Affected versions

v11.*
v11.6.0-ee
v11.6.1-ee
v11.6.2-ee
v11.6.3-ee
v11.6.4-ee
v11.6.5-ee
v11.7.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6997.json"