CVE-2018-19572
Published: 2019-07-10
Priority: P4 · 30 · Severity: medium · CVSS 3.0 base score: 5.9
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.92% (56.0th percentile)
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
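The class the description names (CWE-362, a symlink time-of-check-to-time-of-use race in a path that serves files from a confined directory) generalised to any file server, as an added example that is not GitLab Pages code and does not claim to mirror the fixed or vulnerable GitLab source: a check-then-open reader that inspects a name with Lstat and then reads the same name again, beside an open-then-check reader that resolves each path component with openat(2) and O_NOFOLLOW and validates the descriptor it actually holds. A chroot does not close the gap, because the name is still resolved twice. The race window is simulated with a hook (`raceHook`) rather than a second thread; the served root, the file names and their contents are constructed for the demo, and Linux is assumed for `syscall.Openat` and the flag set.

```go
package main

import (
	"errors"
	"io"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// ErrUnsafePath: the request named a symlink or a non-regular file.
var ErrUnsafePath = errors.New("unsafe path: symlink or non-regular file")

// serveCheckThenOpen is the vulnerable shape: Lstat the name, then read the same
// name again. raceHook stands in for the attacker acting inside the TOCTOU window.
func serveCheckThenOpen(root, rel string, raceHook func()) ([]byte, error) {
	full := filepath.Join(root, filepath.Clean("/"+rel)) // Clean("/"+rel) removes ".." escapes
	fi, err := os.Lstat(full)                           // does not follow symlinks
	if err != nil {
		return nil, err
	}
	if !fi.Mode().IsRegular() { // rejects a symlink or directory at check time
		return nil, ErrUnsafePath
	}
	if raceHook != nil {
		raceHook() // the gap: the tree can change between check and use
	}
	return os.ReadFile(full) // fresh lookup by name: follows a symlink planted in the gap
}

// serveOpenThenCheck resolves each component with openat(2)+O_NOFOLLOW, so a
// symlink anywhere in the path fails with ELOOP (a regular file reached as an
// intermediate fails the next openat with ENOTDIR), then validates the descriptor
// it holds with fstat. Renaming after the open cannot redirect the read. Linux assumed.
func serveOpenThenCheck(root, rel string, raceHook func()) ([]byte, error) {
	parts := strings.Split(strings.TrimPrefix(filepath.Clean("/"+rel), "/"), "/")
	dirfd, err := syscall.Open(root, syscall.O_RDONLY|syscall.O_DIRECTORY|syscall.O_CLOEXEC, 0)
	if err != nil {
		return nil, err
	}
	for i, p := range parts {
		flags := syscall.O_RDONLY | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
		if raceHook != nil && i == len(parts)-1 {
			raceHook() // attacker acts right before the final open; O_NOFOLLOW still refuses
		}
		fd, err := syscall.Openat(dirfd, p, flags, 0)
		syscall.Close(dirfd) // the parent handle is no longer needed either way
		if err != nil {
			return nil, err // ELOOP here means a symlink was refused
		}
		dirfd = fd
	}
	f := os.NewFile(uintptr(dirfd), rel)
	defer f.Close()
	fi, err := f.Stat() // fstat on the descriptor we hold, not another name lookup
	if err != nil {
		return nil, err
	}
	if !fi.Mode().IsRegular() {
		return nil, ErrUnsafePath
	}
	return io.ReadAll(f)
}

// DemoResult records what each reader returned on the constructed input.
type DemoResult struct {
	Before      string // check-then-open before any tampering
	Leaked      string // check-then-open, raced: bytes from outside the root
	HardenedErr error  // open-then-check, raced
}

// RunDemo builds a throwaway served root, a secret outside it, and an attacker
// step that swaps the served file for a symlink inside the race window (all constructed).
func RunDemo() (DemoResult, error) {
	var res DemoResult
	base, err := os.MkdirTemp("", "toctou-demo")
	if err != nil {
		return res, err
	}
	defer os.RemoveAll(base)
	root := filepath.Join(base, "pages") // constructed served root
	served := filepath.Join(root, "site", "index.html")
	secret := filepath.Join(base, "secret.txt") // outside the root: must never be served
	restore := func() error { os.Remove(served); return os.WriteFile(served, []byte("public"), 0o644) }
	swap := func() { os.Remove(served); _ = os.Symlink(secret, served) } // the attacker's move
	for _, e := range []error{os.MkdirAll(filepath.Dir(served), 0o755), os.WriteFile(secret, []byte("SECRET"), 0o600), restore()} {
		if e != nil {
			return res, e
		}
	}
	b, _ := serveCheckThenOpen(root, "site/index.html", nil)
	res.Before = string(b)
	b, _ = serveCheckThenOpen(root, "site/index.html", swap)
	res.Leaked = string(b)
	if err := restore(); err != nil {
		return res, err
	}
	_, res.HardenedErr = serveOpenThenCheck(root, "site/index.html", swap)
	return res, nil
}
```

Run `RunDemo()`: before tampering both readers return the public content; when the swap lands inside the window, the check-then-open reader returns the secret from outside the root, while the open-then-check reader gets ELOOP from the kernel and serves nothing. The general rule is the one the fix versions embody for this CVE: decide on the object you have opened, never on a name you looked at earlier.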
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 11.3.11+dfsg-1 (sid) | gitlab 11.3.11+dfsg-1 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.3.12 < 11.4.8 | 11.4.8 |
| gitlab | gitlab | >= 11.4.9 < 11.5.1 | 11.5.1 |
| gitlab | gitlab | >= 8.17.0 < 11.3.11 | 11.3.11 |
| gitlab | gitlab | >= 8.3.0 < 11.3.11 | 11.3.11 |
| gitlab | gitlab_ce | — | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_debian | — | 5.9 | MEDIUM | — |
GitLab
vendor_gitlab · published 2019-07-10 · CVSS 5.9 · MEDIUM · CWE-362
Debian
vendor_debian · 2018 · CVSS 5.9 · MEDIUM
Scope: local
sid: resolved (fixed in 11.3.11+dfsg-1)
GHSA
GHSA-j3cw-xpxv-w9fr · ghsa_unreviewed · 2022-05-24 · MEDIUM · CWE-362
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.