CVE-2019-15590

2020-01-2803:15:10

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.2%

JSON

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

CPENameOperatorVersion
gitlabeq12.2.6-ee
gitlabeq12.2.1-ee
gitlabeq12.2.4-ee
gitlabeq12.2.5-ee
gitlabeq12.2.3-ee
gitlabeq12.2.7-ee
gitlabeq12.2.0-ee

Name	Operator	Version
gitlab	eq	12.2.6-ee
gitlab	eq	12.2.1-ee
gitlab	eq	12.2.4-ee
gitlab	eq	12.2.5-ee
gitlab	eq	12.2.3-ee
gitlab	eq	12.2.7-ee
gitlab	eq	12.2.0-ee

References

about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/

hackerone.com/reports/701144