#VU30518 Authorization bypass through user-controlled key in Gitlab Community Edition - CVE-2019-5469

Published: December 18, 2019 / Updated: July 17, 2020


Vulnerability identifier: #VU30518
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5469
CWE-ID:
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Gitlab Community Edition
Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote authenticated user to manipulate data.

An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed files uploaded from a project archive to replace other users' files, potentially allowing an attacker to replace project binaries or other uploaded assets.
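The defect class named above is an upload destination keyed by values taken from the archive itself, which the importing user controls. As an added illustration that is neither GitLab's code nor anything from this advisory, the hypothetical Ruby importer below shows that pattern beside a version that scopes every restored upload to the project being imported into and a server-generated key (UPLOADS_ROOT, the archive entry layout and the project hash are all constructed for the example):

```ruby
require 'securerandom'

# Hypothetical storage root for restored uploads (constructed for this example).
UPLOADS_ROOT = '/srv/uploads'.freeze

# Constructed model of an archive entry: the exporting side wrote the upload's
# project key, its secret directory and its filename into the archive. All three
# are therefore under the control of whoever builds the archive.
#
# Vulnerable pattern: the destination is derived entirely from archive content,
# so an entry naming another project's key and secret overwrites that project's
# upload instead of landing in the importer's own namespace.
def vulnerable_upload_path(archive_entry, _importing_project)
  File.join(UPLOADS_ROOT, archive_entry[:project_key],
            archive_entry[:secret], archive_entry[:filename])
end

# Hardened pattern: the destination is scoped to the project the authenticated
# user is importing into, under a secret the server generates at import time.
# Only the basename of the archived filename survives, and the final path is
# checked to be inside the importing project's namespace before it is used.
def hardened_upload_path(archive_entry, importing_project)
  filename = File.basename(archive_entry[:filename].to_s)
  raise ArgumentError, 'empty upload filename' if filename.empty? || filename == '.' || filename == '..'

  dest = File.expand_path(File.join(UPLOADS_ROOT, importing_project[:key],
                                    SecureRandom.hex(16), filename))
  raise ArgumentError, 'upload escapes project namespace' unless path_within_project?(dest, importing_project)
  dest
end

# Containment check: true only if path resolves beneath the project's upload root.
def path_within_project?(path, project)
  root = File.expand_path(File.join(UPLOADS_ROOT, project[:key])) + File::SEPARATOR
  File.expand_path(path).start_with?(root)
end
```

The containment check is the cheap backstop: even if a later refactor reintroduces an archive-derived component, a destination outside the importing project's root is rejected rather than written.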


Remediation

Install update from vendor's website.

External links