PT-2019-17691 · Gitlab · Gitlab Ce/Ee+1
Xanbanx
·
Published
2019-09-09
·
Updated
2023-02-23
·
CVE-2019-5463
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions prior to 11.11.6
GitLab CE/EE versions prior to 12.0.4
GitLab CE/EE versions prior to 12.1.2
Description
An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint, which could result in disclosure of the build status.
Recommendations
For versions prior to 11.11.6, update to version 11.11.6 or later to resolve the issue.
For versions prior to 12.0.4, update to version 12.0.4 or later to resolve the issue.
For versions prior to 12.1.2, update to version 12.1.2 or later to resolve the issue.
Exploit
Fix
Missing Authorization
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Gitlab
Gitlab Ce/Ee