CVE-2019-15580 Information

Description

An information exposure vulnerability exists in gitlab.com v12.3.2, v12.2.6, and v12.1.10. When using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://hackerone.com/reports/667408

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
