CVE-2019-12431

2020-03-1014:15:11

Google

osv.dev

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.1%

JSON

An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.

CPENameOperatorVersion
gitlabeq11.11.0-rc5-ee
gitlabeq8.12.0-rc2-ee
gitlabeq8.12.0-rc1
gitlabeq6.7.1
gitlabeq8.11.0-rc3-ee
gitlabeq8.12.0-rc6-ee
gitlabeq11.11.0-rc3-ee
gitlabeq8.8.0-ee
gitlabeq7.4.4-ee
gitlabeq7.2.0.rc3-ee

Name	Operator	Version
gitlab	eq	11.11.0-rc5-ee
gitlab	eq	8.12.0-rc2-ee
gitlab	eq	8.12.0-rc1
gitlab	eq	6.7.1
gitlab	eq	8.11.0-rc3-ee
gitlab	eq	8.12.0-rc6-ee
gitlab	eq	11.11.0-rc3-ee
gitlab	eq	8.8.0-ee
gitlab	eq	7.4.4-ee
gitlab	eq	7.2.0.rc3-ee