Information disclosure vulnerability in Gitlab-ee - CVE-2019-19629 (dpkg)ID: oval:org.secpod.oval:def:61108 | Date: (C)2020-02-06 (M)2023-08-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with Gitlab-ee 10.5.x through 12.3.8, 12.4.x through 12.4.5 or 12.5.x through 12.5.3 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a issue in the Group Search API provided by the Elasticsearch integration. Successful exploitation allows attackers to diclose private code, when transferring a public project to a private group.