An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.
References
Link | Resource |
---|---|
https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ | Patch Release Notes Vendor Advisory |
https://gitlab.com/gitlab-org/gitlab-ee/issues/11423 | Exploit Vendor Advisory |
https://hackerone.com/reports/544756 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-01-28T02:29:38
Updated: 2020-01-28T02:29:38
Reserved: 2019-01-04T00:00:00
Link: CVE-2019-5474
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-28T03:15:11.310
Modified: 2020-10-19T19:42:59.423
Link: CVE-2019-5474
JSON object: View
Redhat Information
No data.