CVE-2019-10115
First published: Thu May 16 2019(Updated: )
An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | <11.7.8 | |
| GitLab | <11.7.8 | |
| GitLab | >=11.8.0<11.8.4 | |
| GitLab | >=11.8.0<11.8.4 | |
| GitLab | >=11.9.0<11.9.2 | |
| GitLab | >=11.9.0<11.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-10115?
CVE-2019-10115 is considered a moderate severity vulnerability due to the potential exposure of private information.
How do I fix CVE-2019-10115?
To mitigate CVE-2019-10115, update GitLab to version 11.7.8, 11.8.4, or 11.9.2 or later.
What does CVE-2019-10115 affect?
CVE-2019-10115 affects the GitLab Community and Enterprise Editions prior to version 11.7.8, 11.8.4, and 11.9.2.
Who can exploit CVE-2019-10115?
CVE-2019-10115 can be exploited by guest users to access restricted release details and code information.
Is CVE-2019-10115 part of a series of issues?
Yes, CVE-2019-10115 is identified as issue 2 of 3 related to insecure permissions in GitLab.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.8.0
- version/gitlab/11.9.0