CVE-2019-15589

2019-12-1821:00:39

CWE-284

hackerone

www.cve.org

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.1%

JSON

An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before.

CNA Affected

[
  {
    "product": "GitLab CE/EE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.2, 12.2.6, 12.1.12"
      }
    ]
  }
]

References

hackerone.com/reports/497047