CVE-2019-15734
MEDIUM
GitLab 8.6.0-12.2.1 - Unauthorized Exposure of Sensitive Commit and Comment Data
Title source: llm
Description
An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these.
References (2)
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ce/issues/64711
Release Notes, Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
Scores
CVSS v3: 4.3
EPSS: 0.0014
EPSS Percentile: 34.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (1): gitlab/gitlab 8.6.0 - 12.0.8 (2 CPE variants)
Published: Sep 16, 2019
Tracked Since: Feb 18, 2026