CVE-2019-15580

MEDIUM

Gitlab < 12.1.10 - Information Disclosure

Title source: rule

Description

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.

References (1)

[Exploit, Third Party Advisory] https://hackerone.com/reports/667408

Scores

CVSS v3 6.5

EPSS 0.0024

EPSS Percentile 46.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-201 CWE-200

Status published

Affected Products (2)

gitlab/gitlab < 12.1.10

Timeline

Published Dec 18, 2019

Tracked Since Feb 18, 2026