Improper access control vulnerability in Gitlab-ee - CVE-2019-15590 (rpm)
ID: oval:org.secpod.oval:def:4101002 | Date: (C)2020-02-26 (M)2023-08-03 | Class: VULNERABILITY | Family: unix
The host is installed with Gitlab-ee after 11.5 and before 12.1.14, 12.2.0 before 12.2.8, or 12.3.0 before 12.3.5, and is prone to an improper access control vulnerability. A flaw is present in the application, which fails to properly handle the group search feature provided by the Elasticsearch integration. Successful exploitation allows attackers to disclose private merge request information.