CVE-2019-5463

An authorization issue was discovered in the GitLab CE/EE CI badge images endpoint which could result in disclosure of the build status. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6.

Published: 2019-09-09 18:15
Updated: 2019-10-09 23:50

CVSS Score: 5.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Gitlab | Gitlab | 11.11.0 | `cpe:/a:gitlab:gitlab:11.11.0::~~community~~~` |
| Gitlab | Gitlab | 11.11.0 | `cpe:/a:gitlab:gitlab:11.11.0::~~enterprise~~~` |
| Gitlab | Gitlab | 11.11.1 | `cpe:/a:gitlab:gitlab:11.11.1::~~community~~~` |
| Gitlab | Gitlab | 11.11.1 | `cpe:/a:gitlab:gitlab:11.11.1::~~enterprise~~~` |
| Gitlab | Gitlab | 11.11.2 | `cpe:/a:gitlab:gitlab:11.11.2::~~community~~~` |
| Gitlab | Gitlab | 11.11.2 | `cpe:/a:gitlab:gitlab:11.11.2::~~enterprise~~~` |
| Gitlab | Gitlab | 11.11.3 | `cpe:/a:gitlab:gitlab:11.11.3::~~community~~~` |
| Gitlab | Gitlab | 11.11.3 | `cpe:/a:gitlab:gitlab:11.11.3::~~enterprise~~~` |
| Gitlab | Gitlab | 11.11.4 | `cpe:/a:gitlab:gitlab:11.11.4::~~community~~~` |
| Gitlab | Gitlab | 11.11.4 | `cpe:/a:gitlab:gitlab:11.11.4::~~enterprise~~~` |
| Gitlab | Gitlab | 11.11.5 | `cpe:/a:gitlab:gitlab:11.11.5::~~community~~~` |
| Gitlab | Gitlab | 11.11.5 | `cpe:/a:gitlab:gitlab:11.11.5::~~enterprise~~~` |
| Gitlab | Gitlab | 12.0.0 | `cpe:/a:gitlab:gitlab:12.0.0::~~community~~~` |
| Gitlab | Gitlab | 12.0.0 | `cpe:/a:gitlab:gitlab:12.0.0::~~enterprise~~~` |
| Gitlab | Gitlab | 12.0.1 | `cpe:/a:gitlab:gitlab:12.0.1::~~community~~~` |
| Gitlab | Gitlab | 12.0.1 | `cpe:/a:gitlab:gitlab:12.0.1::~~enterprise~~~` |
| Gitlab | Gitlab | 12.0.2 | `cpe:/a:gitlab:gitlab:12.0.2::~~community~~~` |
| Gitlab | Gitlab | 12.0.2 | `cpe:/a:gitlab:gitlab:12.0.2::~~enterprise~~~` |
| Gitlab | Gitlab | 12.0.3 | `cpe:/a:gitlab:gitlab:12.0.3::~~community~~~` |
| Gitlab | Gitlab | 12.0.3 | `cpe:/a:gitlab:gitlab:12.0.3::~~enterprise~~~` |
| Gitlab | Gitlab | 12.1.0 | `cpe:/a:gitlab:gitlab:12.1.0::~~community~~~` |
| Gitlab | Gitlab | 12.1.0 | `cpe:/a:gitlab:gitlab:12.1.0::~~enterprise~~~` |
| Gitlab | Gitlab | 12.1.1 | `cpe:/a:gitlab:gitlab:12.1.1::~~community~~~` |
| Gitlab | Gitlab | 12.1.1 | `cpe:/a:gitlab:gitlab:12.1.1::~~enterprise~~~` |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-862 | Missing Authorization | The software does not perform an authorization check when an actor attempts to access a resource or perform an action. |

History of changes

Date Event
2019-10-09 23:50
2019-09-10 19:34
2019-09-09 18:17

New CVE