{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "12.0.1" }, { "fixed": "12.5.0" }, { "introduced": "0" }, { "last_affected": "12.0.0-NA" }, { "introduced": "0" }, { "last_affected": "12.0.0-pre" } ] }, "events": [ { "introduced": "3a5f14fef4e06fb440f35522bfd52d43beb0cbec" }, { "fixed": "4878f9ac8941c5ad124c9f2216897109c5dde4af" }, { "introduced": "0" }, { "last_affected": "3b13818e8330f68625d80d9bf5d8049c41fbe197" }, { "introduced": "0" }, { "last_affected": "3b13818e8330f68625d80d9bf5d8049c41fbe197" } ], "repo": "https://gitlab.com/gitlab-org/gitlab", "type": "GIT" } ] } ], "details": "Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.", "id": "CVE-2019-12825", "modified": "2026-03-13T21:56:06.327222273Z", "published": "2020-02-17T14:15:11.810Z", "references": [ { "type": "ADVISORY", "url": "https://about.gitlab.com/blog/categories/releases/" }, { "type": "ADVISORY", "url": "https://atomic111.github.io/article/gitlab-Unauthorized-Access-to-Container-Registry" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "type": "CVSS_V3" } ] }