CVE-2019-5469
Published 2019-12-18
Priority: P4 · 34 · medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.77% (51.1th percentile)
An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 12.6.8-3 (sid) | gitlab 12.6.8-3 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.11.0 < 11.11.6 | 11.11.6 |
| gitlab | gitlab | >= 12.0.0 < 12.0.4 | 12.0.4 |
| gitlab | gitlab | >= 12.1.0 < 12.1.2 | 12.1.2 |
CVSS provenance
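| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| vendor_debian | — | 6.5 | MEDIUM | — |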
GitLab
vendor_gitlab · 2019-12-18 · CVSS 6.5
CVE-2019-5469 [MEDIUM] CWE-639
Debian
vendor_debian · 2019 · CVSS 6.5
CVE-2019-5469 [MEDIUM] gitlab
Scope: local
sid: resolved (fixed in 12.6.8-3)
GHSA
GHSA-wqrm-4jcg-5rjc
ghsa_unreviewed · 2022-05-24
CVE-2019-5469 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-12-18