CVE-2019-12433: Input Validation
First published: Tue Mar 10 2020(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.7.0<=11.11.0 | |
| GitLab | >=11.7.0<=11.11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-12433?
CVE-2019-12433 is rated as a medium severity vulnerability due to its impact on permissions and project visibility in GitLab.
How do I fix CVE-2019-12433?
To fix CVE-2019-12433, update GitLab to version 11.11.1 or later, which addresses the improper input validation issue.
What are the affected versions of GitLab for CVE-2019-12433?
CVE-2019-12433 affects GitLab Community and Enterprise Edition versions 11.7.0 to 11.11.0.
What types of issues does CVE-2019-12433 lead to?
CVE-2019-12433 can lead to multiple permission issues and unintended visibility of projects within private groups.
Can CVE-2019-12433 affect private groups on GitLab?
Yes, CVE-2019-12433 can allow the creation of internal projects in private groups, leading to unauthorized access.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.7.0
- version/gitlab/11.11.0