CVE-2019-11549

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-11549

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11549.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-11549

Published

2019-09-09T19:15:11.033Z

Modified

2026-02-05T06:36:57.784318Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. Gitaly has allows an information disclosure issue where HTTP/GIT credentials are included in logs on connection errors.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

dfa95630be4342688ff24c0fa0d283e427a4a996

Fixed

1aafae9879cca6d2c90c17bedca3bfcd3e952ce4

Introduced

c6f72ac9a88521257991aa9a0cc6d558126f5bb9

Fixed

a00a46bf7a7b78efbcd6a82b40354145e6becbbb

Introduced

2f3536bdda88ae962d4f67ced68af6efd82254f1

Fixed

b3dc93d5825685a67c70cf3c10a64f713dc5f54b

Affected versions

v11.*

v11.0.0.pre

v11.1.0.pre

v11.10.0-ee

v11.10.1-ee

v11.2.0.pre

v11.3.0.pre

v11.8.0-ee

v11.8.0-rc1-ee

v11.8.0-rc2-ee

v11.8.0-rc3-ee

v11.8.0-rc4-ee

v11.8.0-rc5-ee

v11.8.0-rc6-ee

v11.8.0-rc7-ee

v11.8.0-rc8-ee

v11.8.0-rc9-ee

v11.8.1-ee

v11.8.2-ee

v11.8.3-ee

v11.8.6-ee

v11.8.7-ee

v11.8.8-ee

v11.9.0-ee

v11.9.0-rc1-ee

v11.9.0-rc10-ee

v11.9.0-rc2-ee

v11.9.0-rc3-ee

v11.9.0-rc4-ee

v11.9.0-rc5-ee

v11.9.0-rc6-ee

v11.9.0-rc7-ee

v11.9.0-rc8-ee

v11.9.0-rc9-ee

v11.9.1-ee

v11.9.4-ee

v11.9.5-ee

v11.9.6-ee

v11.9.7-ee

v11.9.8-ee

v11.9.9-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11549.json"