CVE-2019-15591
Published 2019-12-18
CVE-2019-15591: An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge…
Priority: P3 · 36 · medium · 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.15% (62.9th percentile)
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | < 12.3.3 | 12.3.3 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
CVSS provenance
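| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_debian | — | 6.5 | MEDIUM | — |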
Ivanti
Ivanti Security Advisory: CVE-2019-16382
vendor_ivanti·2020-03-19·CVSS 9.8
CVE-2019-16382 [CRITICAL] Ivanti Security Advisory: CVE-2019-16382
An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is able to bypass Ivanti's FileGuard folder protection by renaming the WMTemp work folder used by PowerGrid. A malicious PowerGrid XML file can then be created, after which the folder is renamed back to its original value. Also, CVE-2018-15591 exploitation can consequently be achieved by using PowerGrid with the /SEE parameter to execute the arbitrary command specified in the XML file.
CVE IDs: CVE-2019-16382
CVSS Base Score: 9.8
Severity: CRITICAL
GitLab
CVE-2019-15591: An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through
vendor_gitlab·2019-12-18·CVSS 6.5
CVE-2019-15591 [MEDIUM] CWE-284 CVE-2019-15591: An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through
CVE-2019-15591: An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
Debian
CVE-2019-15591: gitlab - An improper access control vulnerability exists in GitLab <12.3.3 that allows an...
vendor_debian·2019·CVSS 6.5
CVE-2019-15591 [MEDIUM] CVE-2019-15591: gitlab - An improper access control vulnerability exists in GitLab <12.3.3 that allows an...
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
GHSA-2gpm-g93x-8fr4: An improper access control vulnerability exists in GitLab <12
ghsa_unreviewed·2022-05-24
CVE-2019-15591 [MEDIUM] CWE-284 GHSA-2gpm-g93x-8fr4: An improper access control vulnerability exists in GitLab <12
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
No detection rules found.
No public exploits indexed.
Published: 2019-12-18