{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T23:14:55.796","vulnerabilities":[{"cve":{"id":"CVE-2019-15580","sourceIdentifier":"support@hackerone.com","published":"2019-12-18T21:15:11.977","lastModified":"2024-11-21T04:29:03.750","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted."},{"lang":"es","value":"Se presenta una vulnerabilidad de exposición de información en gitlab.com versiones anteriores a v12.3.2, versiones anteriores a v12.2.6 y versiones anteriores a v12.1.10, cuando se utiliza el bloqueo de la funcionalidad de petición de fusion, era posible que un usuario no autenticado visualizara los datos de la tubería principal de un proyecto público inclusive aunque la visibilidad de la tubería estaba restringida."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionEndExcluding":"12.1.10","matchCriteriaId":"AB2637E9-3EAC-4CC2-A614-E6BF2564484B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"12.1.10","matchCriteriaId":"308ED5C4-D836-4541-A789-DD76A8C61EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.6","matchCriteriaId":"ABCEAA2E-75C8-426B-8EAA-52D3F78FB2A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.2.0","versionEndExcluding":"12.2.6","matchCriteriaId":"AF5AC653-CE12-4759-B07A-04C20B9EBA7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.2","matchCriteriaId":"5BB337AA-1FBB-4BEF-9652-F462CEC4BE71"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"12.3.0","versionEndExcluding":"12.3.2","matchCriteriaId":"DB3CF71C-AD05-4866-9629-0DB7E92775C2"}]}]}],"references":[{"url":"https://hackerone.com/reports/667408","source":"support@hackerone.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://hackerone.com/reports/667408","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}