Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2019-6996

An issue was discovered in GitLab Enterprise Edition 10.x (starting in 10.6) and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. The merge request approvers section has an access control issue that permits project maintainers to view membership of private groups.

  • Published: Sep 9, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-6996
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
gitlab / gitlab 11.7.0 11.7.1
gitlab / gitlab 11.6.0 11.6.6
gitlab / gitlab 11.0.0 11.5.8
gitlab / gitlab 10.6.0 10.8.7.x