PT-2019-14296 · Gitlab · Gitlab

Publicado

2019-12-18

Atualizado

2019-12-27

CVE-2019-15589

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gitlab versions prior to 12.3.2 Gitlab versions prior to 12.2.6 Gitlab versions prior to 12.1.12

Description An issue exists where a blocked user can still use GIT clone and pull if they had obtained a CI/CD token before. This is due to improper access control.

Recommendations For versions prior to 12.3.2, update to version 12.3.2 or later to resolve the issue. For versions prior to 12.2.6, update to version 12.2.6 or later to resolve the issue. For versions prior to 12.1.12, update to version 12.1.12 or later to resolve the issue.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2019-15589

Produtos afetados

Gitlab

PT-2019-14296 · Gitlab · Gitlab

CVE-2019-15589

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7