Improper Authorization in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2019-18459

Published: December 3, 2019
Vulnerability identifier: #VU23351
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-18459
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows an attacker to bypass authorization checks.

The vulnerability exists due to improper authorization checks in the protected environments feature. A remote attacker can still access protected environments even after removal.

How to mitigate CVE-2019-18459

Install the update from the vendor's website.