CVE-2019-5474

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization5 documents5 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 62.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Gitlab Gitlab Gitlab EE

Timeline

PublishedJan 28

Latest updateMay 24

Description

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgitlab/gitlab11.8.0 — 11.11.6+2

▶CVEListV5gitlab/gitlab_eebefore 11.11.6, before 12.0.4, before 12.1.2+2

Patches

Patch: about.gitlab.com ↗Patch: about.gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-p58m-cp94-fm4f: An authorization issue was discovered in GitLab EE < 12↗2022-05-24

▶

CVEList

CVE-2019-5474: An authorization issue was discovered in GitLab EE < 12↗2020-01-28

▶

📋Vendor Advisories

GitLab

CVE-2019-5474: An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden withou↗2020-01-28

▶

Debian

CVE-2019-5474: gitlab - An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11....↗2019

▶