CVE-2019-18460

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-18460

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18460.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-18460

Published

2019-11-26T15:15:12.127Z

Modified

2026-05-13T12:02:23.020298Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

c1710afbd437c557741ff4c7fa185c6ffb89bf1b

Last affected

572e09f5e8fcd54b0366836668e6685da68de22f

Database specific

{
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
        "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "8.15.0"
        },
        {
            "last_affected": "12.4.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18460.json"