CVE Vulnerabilities

CVE-2019-15591

Published: Dec 18, 2019 | Modified: Oct 09, 2020
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab * *
Gitlab Gitlab * *

References