Unrated severityNVD Advisory· Published Dec 18, 2019· Updated Aug 5, 2024
CVE-2019-15580
CVE-2019-15580
Description
An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.
Affected products
6- GitLab/gitlab.comdescription
- Range: <12.3.2, <12.2.6, <12.1.10
- osv-coords4 versionspkg:apk/chainguard/gitlab-operatorpkg:apk/chainguard/gitlab-operator-chartspkg:apk/chainguard/gitlab-operator-compatpkg:apk/chainguard/gitlab-operator-fips
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
1- hackerone.com/reports/667408mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.