CVE-2019-15592 — Sensitive Information Exposure in Gitlab

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab

Timeline

PublishedFeb 14

Latest updateMay 24

Description

GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶NVDgitlab/gitlab11.2.0 — 12.0.8+2

▶debiandebian/gitlab< gitlab 12.6.8-3 (sid)

▶CVEListV5gitlab/gitlab12.2.3

▶gitlabgitlab/gitlab

🔴Vulnerability Details

GHSA

GHSA-p39m-p32x-h8jq: GitLab 12↗2022-05-24

▶

OSV

CVE-2019-15592: GitLab 12↗2020-02-14

▶

📋Vendor Advisories

GitLab

CVE-2019-15592: GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an i↗2020-02-14

▶

Debian

CVE-2019-15592: gitlab - GitLab 12.2.2 and below contains a security vulnerability that allows a guest us...↗2019

▶