CVE-2019-15721

medium

Description

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

References

https://gitlab.com/gitlab-org/gitlab-ce/issues/61981

https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/

Details

Source: Mitre, NVD

Published: 2019-09-16

Updated: 2019-09-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N