PT-2020-9360 · Gitlab · Gitlab Ce/Ee+1

Rpadovani +1 · Published 2020-03-10 · Updated 2020-08-24 · CVE-2019-13005

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition and Community Edition versions 1.10 through 12.0.2
Description: An issue was discovered in the GitLab GraphQL service, which was vulnerable to multiple authorization issues. Because of incorrect access control, these issues disclosed restricted user, group, and repository metadata to unauthorized users.
Recommendations: For versions 1.10 through 12.0.2, update to a version that includes the fix for the authorization issues in the GitLab GraphQL service, so that restricted metadata is no longer disclosed to unauthorized users.

Fix

Related Identifiers

CVE-2019-13005

Affected Products

Gitlab
Gitlab Ce/Ee