CVE-2019-15731 (NVD)

2019-09-16

An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Non-members were able to comment on merge requests despite the repository being set to allow only project members to do so.

Products GitLab
Type Incorrect Permission Assignment for Critical Resource (CWE-732)
First patch - None (likely due to unavailable code)
Links https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/60465