CVE-2019-15721 - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

CVE-2019-15721 (NVD)

2019-09-16

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

Products	Gitlab
Type	Incorrect Permission Assignment for Critical Resource (CWE-732)
First patch	- None (likely due to unavailable code)
Links	• https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ • https://gitlab.com/gitlab-org/gitlab-ce/issues/61981