CVE-2019-15583
published 2020-01-28CVE-2019-15583: An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to…
PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.38%
68.8th percentile
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.1.0 < 12.1.12 | 12.1.12 |
| gitlab | gitlab | >= 12.2.0 < 12.2.6 | 12.2.6 |
| gitlab | gitlab | >= 12.3.0 < 12.3.2 | 12.3.2 |
| gitlab | gitlab_ce_ee | — | — |
| gitlab | gitlab_ce_ee | — | — |
| gitlab | gitlab_ce_ee | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GitLab
CVE-2019-15583: An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was
vendor_gitlab·2020-01-28·CVSS 7.5
CVE-2019-15583 [HIGH] CWE-200 CVE-2019-15583: An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was
CVE-2019-15583: An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
Debian
CVE-2019-15583: gitlab - An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab...
vendor_debian·2019·CVSS 7.5
CVE-2019-15583 [HIGH] CVE-2019-15583: gitlab - An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab...
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
GHSA-v2jw-9cf3-v6vg: An information disclosure exists in < 12
ghsa_unreviewed·2022-05-24
CVE-2019-15583 [MEDIUM] GHSA-v2jw-9cf3-v6vg: An information disclosure exists in < 12
An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-01-28
Published