CVE-2019-15592

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15592
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15592.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-15592
Downstream
Published
2020-02-14T22:15:10.360Z
Modified
2026-05-18T15:10:56.166125Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
44dbeccbe1039cb1d42d8502655ffb0bce3ae803
Fixed
f24cca94101de4e53f2be08deba3a15254823808
Introduced
1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e
Fixed
a9cdd7fb733c20e5f8790f71921cb6540b5ac92a
Introduced
30032e00da906361c553a1eef4ffcd13378b43ee
Fixed
3a1dd80d30c720f1ba829178a698c3a34b7dfc25
Database specific 
{
    "extracted_events": [
        {
            "introduced": "11.2.0"
        },
        {
            "fixed": "12.0.8"
        },
        {
            "introduced": "12.1.0"
        },
        {
            "fixed": "12.1.8"
        },
        {
            "introduced": "12.2.0"
        },
        {
            "fixed": "12.2.3"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
    ]
}

Affected versions

v12.*
v12.1.0-ee
v12.1.1-ee
v12.1.2-ee
v12.1.3-ee
v12.1.4-ee
v12.1.6-ee
v12.2.0-ee
v12.2.1-ee

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15592.json"