CVE-2018-19581 — Improper Authorization in Gitlab

CWE-285 — Improper Authorization4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 73.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedJul 10

Latest updateMay 24

Description

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDgitlab/gitlab8.3.0 — 11.3.11+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-xc35-m6pj-p4jm: GitLab EE, versions 8↗2022-05-24

▶

📋Vendor Advisories

GitLab

CVE-2018-19581: GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerabi↗2019-07-10

▶

Debian

CVE-2018-19581: gitlab - GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 ...↗2018

▶