Information disclosure via improper authorization controls
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to obtain another user's stored credentials due to improper authorization controls. A flaw was found in GitLab EE. This vulnerability allows the user to obtain other users' stored credentials, leading to unauthorized information disclosure. Red Hat severity: Moderate — CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-266. Affected Red Hat products: OpenShift Pipelines; Red Hat OpenShift Container Platform 4. Red Hat does not currently list a fixing RHSA for this CVE.
- < 9.5
- < 18.11.7
- < 19.0
- < 19.0.4
- < 19.1
- < 19.1.2
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.