Unrated severityNVD Advisory· Published Dec 18, 2019· Updated Aug 5, 2024
CVE-2019-15591
CVE-2019-15591
Description
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
Affected products
6- GitLab/GitLabdescription
- Range: <12.3.3
- osv-coords4 versionspkg:apk/chainguard/gitlab-operatorpkg:apk/chainguard/gitlab-operator-chartspkg:apk/chainguard/gitlab-operator-compatpkg:apk/chainguard/gitlab-operator-fips
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
1- hackerone.com/reports/676976mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.