CVE-2019-6787
MEDIUM
GitLab Community/Enterprise <11.5.8-11.7.1 - Info Disclosure
Title source: llm
Description
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.
References (2)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/blog/categories/releases/
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
Scores
CVSS v3
6.5
EPSS
0.0012
EPSS Percentile
31.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (1)
gitlab/gitlab
8.12.0 - 11.5.8 (2 CPE variants)
Published
May 17, 2019
Tracked Since
Feb 18, 2026