ByteOS Network

NVD Vulnerability Details :

CVE-2019-15594

Analyzed

Source-support@hackerone.com

Published At-14 Feb, 2020 | 22:15

Updated At-14 Sep, 2021 | 12:44

GitLab 11.8 and later contains a security vulnerability that allows a user to obtain details of restricted pipelines via the merge request endpoint.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N

>>gitlab>>Versions up to 11.8(inclusive)

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-200	Secondary	support@hackerone.com

Hyperlink	Source	Resource
https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/	support@hackerone.com	Vendor Advisory
https://hackerone.com/reports/507064	support@hackerone.com	Permissions Required