Access Control Issue: Disclosure of Private Merge Requests and Issues in GitLab Group Search

Access Control Issue: Disclosure of Private Merge Requests and Issues in GitLab Group Search

CVE-2019-15590 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration

Learn more about our Web Application Penetration Testing UK.