PT-2019-14296 · Gitlab · Gitlab

Published

2019-12-18

Updated

2019-12-27

CVE-2019-15589

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Gitlab versions prior to 12.3.2 Gitlab versions prior to 12.2.6 Gitlab versions prior to 12.1.12

Description An issue exists where a blocked user can still use GIT clone and pull if they had obtained a CI/CD token before. This is due to improper access control.

Recommendations For versions prior to 12.3.2, update to version 12.3.2 or later to resolve the issue. For versions prior to 12.2.6, update to version 12.2.6 or later to resolve the issue. For versions prior to 12.1.12, update to version 12.1.12 or later to resolve the issue.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2019-15589

Affected Products

Gitlab

PT-2019-14296 · Gitlab · Gitlab

CVE-2019-15589

Weakness Enumeration

Related Identifiers

Affected Products

References · 7