CVE-2019-12431
First published: Tue Mar 10 2020(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=8.13.0<=11.11.0 | |
| GitLab | >=8.13.0<=11.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-12431?
CVE-2019-12431 has a medium severity rating due to improper access control allowing restricted users to access private milestone metadata.
How do I fix CVE-2019-12431?
To fix CVE-2019-12431, upgrade your GitLab installation to version 11.11.1 or later.
What versions of GitLab are affected by CVE-2019-12431?
CVE-2019-12431 affects GitLab Community and Enterprise Editions from versions 8.13.0 to 11.11.0.
Can restricted users exploit CVE-2019-12431?
Yes, restricted users can exploit CVE-2019-12431 to access metadata of private milestones via the Search API.
Is there a patch for CVE-2019-12431?
Yes, a patch for CVE-2019-12431 is included in the GitLab release version 11.11.1 and later.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/8.13.0
- version/gitlab/11.11.0