CVE-2019-5487

2019-12-1821:00:29

CWE-284

hackerone

www.cve.org

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.

CNA Affected

[
  {
    "product": "GitLab EE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.3.3, 12.2.7, 12.1.13"
      }
    ]
  }
]

References

hackerone.com/reports/692252