CVE-2019-15591

2019-12-1820:51:27

CWE-284

hackerone

www.cve.org

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.5%

JSON

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.

CNA Affected

[
  {
    "product": "GitLab",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.3"
      }
    ]
  }
]

References

hackerone.com/reports/676976