CVE-2019-5466

Summary

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.

Affected Software

VendorProductVersion RangeStatus
n/aGitLab CE/EEAffects GitLab CE/EE 11.5 and lateraffected
n/aGitLab CE/EEFixed in 12.1.2 in 12.0.4 and in 11.11.6affected

Weaknesses

  • CWE-639: Insecure Direct Object Reference (IDOR) (CWE-639)

ADP Enrichment

CVE Program Container

Additional References

References