CVE-2019-12825 - Insecure Storage of Sensitive Information

Severity

43%

Complexity

27%

Confidentiality

23%

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.

CVSS 3.1 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N).

Overview

Type

GitLab 12.0.0

First reported 5 years ago

2020-02-17 14:15:00

Last updated 4 years ago

2020-02-28 19:52:00

Affected Software

GitLab 12.0.0 Enterprise Edition

12.0.0

GitLab 12.0.0 Pre Enterprise Edition

12.0.0

References

https://about.gitlab.com/blog/categories/releases/

Release Notes, Vendor Advisory

https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.