PT-2020-9721 · Elastic+1 · Elasticsearch+2
Rpadovani
·
Published
2020-01-28
·
Updated
2021-11-02
·
CVE-2019-15590
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 12.3.5
GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 12.2.8
GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 12.1.14
Description
An access control issue exists where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration.
Recommendations
For versions prior to 12.3.5, update to version 12.3.5 or later to resolve the issue.
For versions prior to 12.2.8, update to version 12.2.8 or later to resolve the issue.
For versions prior to 12.1.14, update to version 12.1.14 or later to resolve the issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Elasticsearch
Gitlab
Gitlab Ce/Ee