Vulnerabilities > CVE-2019-19629 - Unspecified vulnerability in Gitlab
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In GitLab EE 10.5 through 12.5.3, 12.4.5, and 12.3.8, when transferring a public project to a private group, private code would be disclosed via the Group Search API provided by the Elasticsearch integration.
Vulnerable Configurations
Nessus
| NASL family | FreeBSD Local Security Checks |
| NASL id | FREEBSD_PKG_219441441B9011EAA2D4001B217B3468.NASL |
| description | Gitlab reports : Path traversal with potential remote code execution Disclosure of private code via Elasticsearch integration Update Git dependency |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 131970 |
| published | 2019-12-12 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/131970 |
| title | FreeBSD : Gitlab -- Multiple Vulnerabilities (21944144-1b90-11ea-a2d4-001b217b3468) |