CVE-2019-12825

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

Published: Feb 17, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-12825
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-922

Affected Software
References

Software	From	Fixed in
gitlab / gitlab	12.0.0-pre	12.0.0-pre.x
gitlab / gitlab	12.0.1	12.5.0
gitlab / gitlab	12.0.0	12.0.0.x

https://about.gitlab.com/blog/categories/releases/
https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry

Vulnerability Database

290,476

CVE-2019-12825