Vulnerabilities > CVE-2019-20144 - Unspecified vulnerability in Gitlab

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
gitlab
nessus
NVD
Published: 2020-01-13
Updated: 2020-08-24

Summary

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control.

Vulnerable Configurations

Part Description Count
Application
Gitlab
510

Nessus

NASL familyFreeBSD Local Security Checks
NASL idFREEBSD_PKG_01BDE18A2E0911EAA935001B217B3468.NASL
descriptionSO-AND-SO reports : Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in the Issue and Commit Comments Pages Project Name Disclosed Through Unsubscribe Link Private Project Name Disclosed Through Notification Settings
last seen2020-06-01
modified2020-06-02
plugin id132665
published2020-01-06
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/132665
titleFreeBSD : Gitlab -- Multiple Vulnerabilities (01bde18a-2e09-11ea-a935-001b217b3468)

References