CVE-2019-13009

MEDIUM

GitLab 9.2.0-12.0.2 - Unauthorized File Access via Unsaved Personal Snippet Uploads

Title source: llm

Description

An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control.

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://about.gitlab.com/blog/categories/releases/

Vendor Advisory x_refsource_confirm

https://about.gitlab.com/releases/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/

Scores

CVSS v3 6.5

EPSS 0.0084

EPSS Percentile 53.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-400 CWE-732

Status published

Products (1)

gitlab/gitlab 9.2.0 - 12.0.2 (2 CPE variants)

Published Mar 10, 2020

Tracked Since Feb 18, 2026