Improper Access Control Vulnerability in GitLab <12.3.3 Allows Unauthorized Access to Container and Dependency Scanning Reports

CVE-2019-15591 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An improper access control vulnerability exists in GitLab versions before 12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even when public pipelines are disabled.