CVE-2019-19254

MEDIUM

GitLab CE/EE <12.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

GitLab Community Edition (CE) and Enterprise Edition (EE). 9.6 and later through 12.5 has Incorrect Access Control.

References (3)

Core 3
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/blog/categories/releases/
Broken Link, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/issues/12219

Scores

CVSS v3 5.3
EPSS 0.0018
EPSS Percentile 39.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
gitlab/gitlab 9.6.0 - 12.5.1 (2 CPE variants)
Published Jan 03, 2020
Tracked Since Feb 18, 2026