Main Vulnerability Database SB2019051708

SB2019051708 - Improper access control in GitLab, Gitlab Community Edition

Published: May 17, 2019 Updated: July 17, 2020

Security Bulletin ID SB2019051708

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2019-7353)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of other projects.

Remediation

Install update from vendor's website.

References

https://about.gitlab.com/2019/02/05/critical-security-release-gitlab-11-dot-7-dot-4-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/56568