Main Vulnerability Database Vulnerabilities #VU35896

Input validation error in Gitlab Community Edition - CVE-2019-10115

Published: May 16, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35896

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-10115

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.

How to mitigate CVE-2019-10115

Install update from vendor's website.

Input validation error in Gitlab Community Edition - CVE-2019-10115

Detailed vulnerability description

How to mitigate CVE-2019-10115

Sources

Please verify you're human