CVE-2019-15576

2019-12-1821:00:08

CWE-200

hackerone

www.cve.org

6.9 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

CNA Affected

[
  {
    "product": "GitLab CE/EE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.2, 12.2.6, and 12.1.12"
      }
    ]
  }
]

References

hackerone.com/reports/633001