CVE-2019-5474

Summary

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab EEbefore 12.1.2affected
GitLabGitLab EEbefore 12.0.4affected
GitLabGitLab EEbefore 11.11.6affected

Weaknesses

  • CWE-284: Improper Access Control - Generic (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References