Main Vulnerability Database Vulnerabilities #VU31015

Improper access control in Gitlab Community Edition - CVE-2018-19577

Published: July 10, 2019 / Updated: July 17, 2020

Vulnerability identifier: #VU31015

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-19577

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.

How to mitigate CVE-2018-19577

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/109179
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
https://gitlab.com/gitlab-org/gitlab-ce/issues/52444

Improper access control in Gitlab Community Edition - CVE-2018-19577

Detailed vulnerability description

How to mitigate CVE-2018-19577

Sources

Please verify you're human