Access Control Issue: Disclosure of Private Merge Requests and Issues in GitLab Group Search
CVE-2019-15590 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration
Learn more about our Web Application Penetration Testing UK.