Main Vulnerability Database Vulnerabilities #VU31012

Improper access control in Gitlab Community Edition - CVE-2018-19494

Published: July 10, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31012

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-19494

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names.

How to mitigate CVE-2018-19494

Install update from vendor's website.

Sources

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/51262

Improper access control in Gitlab Community Edition - CVE-2018-19494

Detailed vulnerability description

How to mitigate CVE-2018-19494

Sources

Please verify you're human