{"id":"CVE-2019-5469","details":"An IDOR vulnerability exists in GitLab \u003cv12.1.2, \u003cv12.0.4, and \u003cv11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets.","modified":"2026-03-13T00:24:59.921578Z","published":"2019-12-18T21:15:14.303Z","references":[{"type":"REPORT","url":"https://hackerone.com/reports/534794"},{"type":"EVIDENCE","url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/60551"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"3b13818e8330f68625d80d9bf5d8049c41fbe197"},{"fixed":"38ffa850dd81d9f41c9fbc86dfb73135236ebe87"},{"introduced":"3b13818e8330f68625d80d9bf5d8049c41fbe197"},{"fixed":"38ffa850dd81d9f41c9fbc86dfb73135236ebe87"},{"introduced":"1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e"},{"fixed":"d7aa668babded1e4e23922e8660762ddb845ebf1"},{"introduced":"1f2e6f3f6d84b8eab5526acdd69c38f5b78c3b0e"},{"fixed":"d7aa668babded1e4e23922e8660762ddb845ebf1"}],"database_specific":{"versions":[{"introduced":"12.0.0"},{"fixed":"12.0.4"},{"introduced":"12.0.0"},{"fixed":"12.0.4"},{"introduced":"12.1.0"},{"fixed":"12.1.2"},{"introduced":"12.1.0"},{"fixed":"12.1.2"}]}}],"versions":["v12.0.0-ee","v12.0.1-ee","v12.0.2-ee","v12.0.3-ee","v12.1.0-ee","v12.1.1-ee"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"11.11.0"},{"fixed":"11.11.6"}]},{"events":[{"introduced":"11.11.0"},{"fixed":"11.11.6"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5469.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}