CVE-2019-5462

Summary

A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab Community Edition and GitLab Enterprise EditionAffects GitLab CE/EE 9.0 and lateraffected
GitLabGitLab Community Edition and GitLab Enterprise EditionFixed in 12.1.2 in 12.0.4 and in 11.11.6affected

Weaknesses

  • Privilege Escalation (CAPEC-233)

ADP Enrichment

CVE Program Container

Additional References

References