CVE-2019-13005 — Gitlab vulnerability
4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 63.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 10
Latest updateMay 24
Description
An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages3 packages
🔴Vulnerability Details
1GHSA▶
GHSA-5mxj-8vqf-cpf9: An issue was discovered in GitLab Enterprise Edition and Community Edition 1↗2022-05-24
📋Vendor Advisories
2GitLab▶
CVE-2019-13005: An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple↗2020-03-10
Debian▶
CVE-2019-13005: gitlab - An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 ...↗2019