CVE-2019-15590

Summary

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab EEbefore 12.3.5affected
GitLabGitLab EEbefore 12.2.8affected
GitLabGitLab EEbefore 12.1.14affected

Weaknesses

  • CWE-284: Improper Access Control - Generic (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References