CVE-2019-12429
First published: Tue Mar 10 2020(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition 11.9 through 11.11. Unprivileged users were able to access labels, status and merge request counts of confidential issues via the milestone details page. It has Improper Access Control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.9.0<=11.11.0 | |
| GitLab | >=11.9.0<=11.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-12429?
CVE-2019-12429 has a medium severity rating due to improper access control issues.
How do I fix CVE-2019-12429?
To fix CVE-2019-12429, upgrade to GitLab Community or Enterprise Edition version 11.11.1 or later.
Who is affected by CVE-2019-12429?
CVE-2019-12429 affects GitLab Community and Enterprise Editions from version 11.9 to 11.11.0.
What types of information can unprivileged users access in CVE-2019-12429?
Unprivileged users can access labels, status, and merge request counts of confidential issues.
What is the nature of the vulnerability in CVE-2019-12429?
CVE-2019-12429 is an issue of improper access control that allows unauthorized information disclosure.
- agent/references
- agent/type
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.9.0
- version/gitlab/11.11.0