CVE-2019-11545

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
09/09/2019
Last modified:
10/09/2019

Description

An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 11.9.0 (including) 11.9.10 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 11.9.0 (including) 11.9.10 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 11.10.0 (including) 11.10.2 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 11.10.0 (including) 11.10.2 (excluding)