CVE-2019-15591 — Improper Access Control in Gitlab

CWE-284 — Improper Access Control6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 56.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedDec 18

Latest updateJul 31

Description

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgitlab/gitlab< 12.3.3

▶debiandebian/gitlab< gitlab 12.6.8-3 (sid)

▶CVEListV5gitlab/gitlab12.3.3

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-2gpm-g93x-8fr4: An improper access control vulnerability exists in GitLab <12↗2022-05-24

▶

📋Vendor Advisories

Ivanti

Ivanti Security Advisory: CVE-2019-16382↗2020-03-19

▶

GitLab

CVE-2019-15591: An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through↗2019-12-18

▶

Debian

CVE-2019-15591: gitlab - An improper access control vulnerability exists in GitLab <12.3.3 that allows an...↗2019

▶

📄Research Papers

arXiv

Microservice Vulnerability Analysis: A Literature Review with Empirical Insights↗2024-07-31

▶