CVE-2019-5472

2020-01-2803:15:11

Google

osv.dev

6.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments.

CPENameOperatorVersion
gitlabeq12.0.3-ee
gitlabeq12.0.1-ee
gitlabeq12.0.0-ee
gitlabeq12.0.2-ee

Name	Operator	Version
gitlab	eq	12.0.3-ee
gitlab	eq	12.0.1-ee
gitlab	eq	12.0.0-ee
gitlab	eq	12.0.2-ee

References

about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

gitlab.com/gitlab-org/gitlab-ee/issues/11381

hackerone.com/reports/538101