CVE-2019-15576

Опубликовано: 18 дек. 2019

Источник: debian

EPSS Низкий

Описание

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitlab	fixed	12.6.8-3		package

Примечания

https://hackerone.com/reports/633001
https://about.gitlab.com/releases/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/

EPSS

Процентиль: 60%

0.004

Низкий

Связанные уязвимости

CVE-2019-15576

CVSS3: 7.5

ubuntu

больше 5 лет назад

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

CVE-2019-15576

CVSS3: 7.5

nvd

больше 5 лет назад

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

GHSA-ff73-cwc3-6v5j

github

около 3 лет назад

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint.

EPSS

Процентиль: 60%

0.004

Низкий