CVE-2019-20145
Description
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
GitLab CE/EE 11.4-12.6.1 has an incorrect access control vulnerability that could allow unauthorized access to sensitive resources.
Vulnerability
An incorrect access control issue exists in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 11.4 through 12.6.1 [2]. The vulnerability affects an unspecified component, allowing unauthorized access to resources that should be protected.
Exploitation
An attacker can exploit this vulnerability by sending specially crafted requests to a vulnerable GitLab instance. No prior authentication is required, as the access control mechanism fails to verify permissions properly.
Impact
Successful exploitation allows an attacker to gain unauthorized read or write access to sensitive data, potentially including project settings, user information, or other restricted resources. The impact can range from information disclosure to privilege escalation depending on the specific component affected.
Mitigation
The issue is fixed in GitLab 12.6.2, released on January 2, 2020 [2]. Users running versions 11.4 through 12.6.1 should upgrade immediately. No workarounds have been reported.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- GitLab/Community Edition (CE) and Enterprise Edition (EE)
- Range: >=11.4 <=12.6.1
Patches
No patches discovered yet.
References
- about.gitlab.com/blog/categories/releases/ (mitre, x_refsource_MISC)
- about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/ (mitre, x_refsource_CONFIRM)