Vulnerabilities > CVE-2019-12825 - Insecure Storage of Sensitive Information vulnerability in Gitlab

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
gitlab
CWE-922
NVD
Published: 2020-02-17
Updated: 2020-02-28

Summary

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

Vulnerable Configurations

Part Description Count
Application
Gitlab
56

Common Weakness Enumeration (CWE)

References