CVE-2019-15727: Infoleak
First published: Mon Sep 16 2019(Updated: )
An issue was discovered in GitLab Community and Enterprise Edition 11.2 through 12.2.1. Insufficient permission checks were being applied when displaying CI results, potentially exposing some CI metrics data to unauthorized users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.2.0<12.0.8 | |
| GitLab | >=11.2.0<12.0.8 | |
| GitLab | >=12.1.0<12.1.8 | |
| GitLab | >=12.1.0<12.1.8 | |
| GitLab | >=12.2.0<12.2.3 | |
| GitLab | >=12.2.0<12.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-15727?
CVE-2019-15727 has been classified as a medium severity vulnerability due to insufficient permission checks.
How do I fix CVE-2019-15727?
To fix CVE-2019-15727, upgrade your GitLab instance to version 12.2.3 or later.
What systems are affected by CVE-2019-15727?
CVE-2019-15727 affects GitLab Community and Enterprise Editions from versions 11.2 through 12.2.1.
What are the risks associated with CVE-2019-15727?
The risks of CVE-2019-15727 include unauthorized access to CI metrics data by users without proper permissions.
How can I verify if my GitLab instance is vulnerable to CVE-2019-15727?
You can verify vulnerability by checking if your GitLab version is between 11.2 and 12.2.1.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.2.0
- version/gitlab/12.1.0
- version/gitlab/12.2.0