CVE-2019-5487

Summary

An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits.

Affected Software

VendorProductVersion RangeStatus
n/aGitLab EE12.3.3, 12.2.7, 12.1.13affected

Weaknesses

  • CWE-284: Improper Access Control - Generic (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References