PT-2020-9361 · GitLab · GitLab CE/EE +1

Xanbanx · Published 2020-03-10 · Updated 2021-07-21 · CVE-2019-13006

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 9.0 through 12.0.2
Description: An issue was discovered that allows users with access to issues, but not the repository, to view the number of related merge requests on an issue. This is due to incorrect access control.
Recommendations: For GitLab Community and Enterprise Edition versions 9.0 through 12.0.2, update to a version that contains a fix for this issue to prevent unauthorized access to related merge requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2019-13006

Affected Products

GitLab
GitLab CE/EE