Main Vulnerability Database Vulnerabilities #VU30746

Information disclosure in Gitlab Community Edition - CVE-2019-15734

Published: September 16, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU30746

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-15734

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.

How to mitigate CVE-2019-15734

Install update from vendor's website.

Sources

https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/64711

Information disclosure in Gitlab Community Edition - CVE-2019-15734

Detailed vulnerability description

How to mitigate CVE-2019-15734

Sources

Please verify you're human