CVE-2019-6787

Medium

6.5/10

Summary

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other project users.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory Timeline

Published May 17, 2019

CVE-2019-6787

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS