CVE-2018-19578 — Improper Authorization in Gitlab

CWE-285 — Improper Authorization4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 74.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedJul 10

Latest updateMay 24

Description

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDgitlab/gitlab11.5.0 — 11.5.1

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-hjrv-mr9m-rffp: GitLab EE, version 11↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2018-19578: GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Ja↗2019-07-10

▶

Debian

CVE-2018-19578: gitlab - GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object refer...↗2018

▶