CVE-2019-5466Authorization Bypass Through User-Controlled Key in Gitlab

CWE-639Authorization Bypass Through User-Controlled Key4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 43.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GitlabDebian GitlabGitlab CE EE+1 more
Timeline
PublishedJan 28
Latest updateMay 24

Description

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

NVDgitlab/gitlab11.5.011.11.7
debiandebian/gitlab< gitlab 12.6.8-3 (sid)
CVEListV5gitlab_ce/eeAffects GitLab CE/EE 11.5 and later, Fixed in 12.1.2 in 12.0.4 and in 11.11.6+1
gitlabgitlab/gitlab

Patches

Patch: about.gitlab.comPatch: about.gitlab.com

🔴Vulnerability Details

1
GHSA
GHSA-8c93-42cq-rfjj: An IDOR was discovered in GitLab CE/EE 112022-05-24

📋Vendor Advisories

2
GitLab
CVE-2019-5466: An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.2020-01-28
Debian
CVE-2019-5466: gitlab - An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge req...2019