Information disclosure in Gitlab Community Edition - CVE-2019-11545
Published: September 9, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30779
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-11545
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
Gitlab Community Edition
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain access to sensitive information.
An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.
How to mitigate CVE-2019-11545
Install update from vendor's website.