PT-2020-9319 · Gitlab · Gitlab Ce/Ee+1

Peter Marko

Published

2020-03-10

Updated

2020-03-10

CVE-2019-12433

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.7 through 11.11

Description: The issue is related to improper input validation, allowing the creation of internal projects in private groups with restricted visibility settings. This leads to multiple permission issues.

Recommendations: For GitLab Community and Enterprise Edition versions 11.7 through 11.11, consider restricting the creation of internal projects in private groups until a fix is available. As a temporary workaround, review and adjust the visibility settings of existing internal projects in private groups to minimize permission issues. Restrict access to sensitive data within these projects to prevent unauthorized access.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2019-12433

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2020-9319 · Gitlab · Gitlab Ce/Ee+1

CVE-2019-12433

Weakness Enumeration

Related Identifiers

Affected Products

References · 5