{"id":"CVE-2019-15592","details":"GitLab 12.2.2 and below contains a security vulnerability that allows a guest user in a private project to see the merge request ID associated to an issue via the activity timeline.","modified":"2026-04-10T04:15:47.604458Z","published":"2020-02-14T22:15:10.360Z","references":[{"type":"ADVISORY","url":"https://about.gitlab.com/releases/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/"},{"type":"REPORT","url":"https://hackerone.com/reports/588876"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"44dbeccbe1039cb1d42d8502655ffb0bce3ae803"},{"fixed":"f24cca94101de4e53f2be08deba3a15254823808"},{"introduced":"44dbeccbe1039cb1d42d8502655ffb0bce3ae803"},{"fixed":"f24cca94101de4e53f2be08deba3a15254823808"},{"introduced":"1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e"},{"fixed":"a9cdd7fb733c20e5f8790f71921cb6540b5ac92a"},{"introduced":"1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e"},{"fixed":"a9cdd7fb733c20e5f8790f71921cb6540b5ac92a"},{"introduced":"30032e00da906361c553a1eef4ffcd13378b43ee"},{"fixed":"3a1dd80d30c720f1ba829178a698c3a34b7dfc25"},{"introduced":"30032e00da906361c553a1eef4ffcd13378b43ee"},{"fixed":"3a1dd80d30c720f1ba829178a698c3a34b7dfc25"}],"database_specific":{"versions":[{"introduced":"11.2.0"},{"fixed":"12.0.8"},{"introduced":"11.2.0"},{"fixed":"12.0.8"},{"introduced":"12.1.0"},{"fixed":"12.1.8"},{"introduced":"12.1.0"},{"fixed":"12.1.8"},{"introduced":"12.2.0"},{"fixed":"12.2.3"},{"introduced":"12.2.0"},{"fixed":"12.2.3"}]}}],"versions":["v12.1.0-ee","v12.1.1-ee","v12.1.2-ee","v12.1.3-ee","v12.1.4-ee","v12.1.6-ee","v12.2.0-ee","v12.2.1-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15592.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}