CVE-2019-15581
Published 2020-01-28
Priority P425 | medium | 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.97% (57.4th percentile)
An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.1.0 < 12.1.12 | 12.1.12 |
| gitlab | gitlab | >= 12.2.0 < 12.2.6 | 12.2.6 |
| gitlab | gitlab | >= 12.3.0 < 12.3.2 | 12.3.2 |
| gitlab | gitlab_ee | — | — |
| gitlab | gitlab_ee | — | — |
| gitlab | gitlab_ee | — | — |
CVSS provenance
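| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_debian | | 5.3 | MEDIUM | |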
GitLab
vendor_gitlab · 2020-01-28 · CVSS 5.3
CVE-2019-15581 [MEDIUM] CWE-639
Debian
vendor_debian · 2019 · CVSS 5.3
CVE-2019-15581 [MEDIUM] (package: gitlab)
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
GHSA-56mp-522g-cw9g
ghsa_unreviewed · 2022-05-24
CVE-2019-15581 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-01-28