Improper Authorization in Gitlab Community Edition - CVE-2018-19581

Published: July 10, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30992
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-19581
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to manipulate data they are not authorized to change.

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference (improper authorization, CWE-285) that allows a user with the Guest role to set the weight of an issue they create, a field Guests are not otherwise permitted to edit. Guest is the lowest project membership level, so exploitation requires an account with at least Guest access to the affected project rather than anonymous access.
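The bug class behind this advisory is an attribute-level authorization check that is missing on one code path (issue creation) while present on another. The following Ruby model, added here as an illustration and not taken from GitLab's code base, shows the vulnerable shape beside the hardened one. The role names, the `ROLE_LEVEL` ordering, the `can_admin_issue?` rule (weight editable from Reporter upward), the service classes and the request payload are all assumptions constructed for the example.

```ruby
# Illustrative model of the bug class behind CVE-2018-19581 (CWE-285):
# a per-attribute authorization check applied on update but not on create.
# This is NOT GitLab's code; roles, permission rule and class names are
# assumptions made for the example.

# Assumed project role ordering, lowest to highest.
ROLE_LEVEL = { guest: 10, reporter: 20, developer: 30, maintainer: 40 }.freeze

User  = Struct.new(:name, :role)
Issue = Struct.new(:title, :author, :weight)

# Assumed rule: changing an issue's weight requires at least Reporter.
def can_admin_issue?(user)
  ROLE_LEVEL.fetch(user.role) >= ROLE_LEVEL[:reporter]
end

# Vulnerable pattern: update() strips weight for unauthorized actors, but
# create() mass-assigns every whitelisted attribute, so a Guest who puts
# `weight` in the create payload gets it stored.
class VulnerableIssueService
  ALLOWED_PARAMS = %i[title weight].freeze

  def initialize(user)
    @user = user
  end

  def create(params)
    attrs = params.slice(*ALLOWED_PARAMS)
    Issue.new(attrs[:title], @user.name, attrs[:weight])
  end

  def update(issue, params)
    attrs = params.slice(*ALLOWED_PARAMS)
    attrs.delete(:weight) unless can_admin_issue?(@user)
    attrs.each { |k, v| issue[k] = v }
    issue
  end
end

# Hardened pattern: a single filter shared by create and update removes
# attributes the actor may not set, so the check cannot be forgotten on
# one of the two paths.
class HardenedIssueService < VulnerableIssueService
  def create(params)
    attrs = filter_params(params)
    Issue.new(attrs[:title], @user.name, attrs[:weight])
  end

  def update(issue, params)
    filter_params(params).each { |k, v| issue[k] = v }
    issue
  end

  private

  def filter_params(params)
    attrs = params.slice(*ALLOWED_PARAMS)
    attrs.delete(:weight) unless can_admin_issue?(@user)
    attrs
  end
end

# Constructed create request from a Guest who smuggles `weight` (and an
# unknown key, which the whitelist drops) into the payload.
GUEST_PAYLOAD = { title: 'crash on login', weight: 9, assignee: 'root' }.freeze

# Returns the weight that ends up on the issue a Guest creates through the
# given service class: 9 for the vulnerable service, nil for the hardened one.
def weight_set_by_guest(service_class)
  guest = User.new('guest-user', :guest)
  service_class.new(guest).create(GUEST_PAYLOAD).weight
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: weight=#{weight_set_by_guest(VulnerableIssueService).inspect}"
  puts "hardened:   weight=#{weight_set_by_guest(HardenedIssueService).inspect}"
end
```

The point of the hardened version is structural rather than a one-line fix: when authorization on individual fields lives in one place that every write path goes through, adding a new entry point (an API, an import, a bulk action) cannot silently reopen the hole.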


How to mitigate CVE-2018-19581

Upgrade to a fixed release from the vendor's website: 11.3.11, 11.4.8 or 11.5.1, or any later version. Releases before 8.3 are outside the affected range listed above.
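To check an inventory of GitLab instances against the affected ranges, the helper below encodes the version boundaries stated in this advisory (8.3 up to 11.3.11, 11.4 up to 11.4.8, 11.5 up to 11.5.1). It is an added example, not vendor tooling; the version-string format it accepts (optional leading `v`, up to three dot-separated numeric components, anything after the third component ignored) is an assumption.

```ruby
# Added helper: classify a GitLab version string against the affected
# ranges listed in this advisory for CVE-2018-19581. Not vendor tooling.

# Parse "11.3.10", "v11.3.10" or "11.3" into a three-element integer array.
# Assumption: a leading "v" may be present; missing components default to 0;
# any suffix on the patch component (e.g. "10-ee") is ignored by to_i.
def parse_version(str)
  parts = str.sub(/\A[vV]/, '').split('.').map(&:to_i)
  parts.fill(0, parts.size...3).first(3)
end

# Ruby arrays are not Comparable, so compare via <=>.
def version_lt(a, b)
  (a <=> b) < 0
end

def version_between(v, low, high_exclusive)
  !version_lt(v, low) && version_lt(v, high_exclusive)
end

# True when the version falls inside an affected range from the advisory:
#   8.3  <= v < 11.3.11   (covers 8.3 through 11.3.10, including 9.x and 10.x)
#   11.4 <= v < 11.4.8
#   11.5 <= v < 11.5.1
def vulnerable_version?(str)
  v = parse_version(str)
  version_between(v, [8, 3, 0], [11, 3, 11]) ||
    version_between(v, [11, 4, 0], [11, 4, 8]) ||
    version_between(v, [11, 5, 0], [11, 5, 1])
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory, not real hosts.
  { 'git.example.test' => '11.3.10', 'ci.example.test' => '11.4.8',
    'legacy.example.test' => '10.8.0', 'new.example.test' => '11.6.0' }.each do |host, ver|
    puts "#{host} #{ver}: #{vulnerable_version?(ver) ? 'VULNERABLE' : 'not affected'}"
  end
end
```

A version string alone does not prove exposure: the weight field and the Guest role must actually be in use for the bug to matter, but any instance inside the ranges should be upgraded regardless.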

Sources