Information Disclosure in GitLab Community Edition (CE) and Enterprise Edition (EE) Allows Path Disclosure in Unsubscribe Email Links

CVE-2019-15578 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

An information disclosure issue exists in GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 12.3.2, 12.2.6, and 12.1.12. The path of a private project that used to be public would be disclosed in the unsubscribe email link of issues and merge requests.