CVE-2019-10116
published 2019-05-16CVE-2019-10116: An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before…
PriorityP420medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
EPSS
1.04%
59.7th percentile
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 11.8.6+dfsg-1 (sid) | gitlab 11.8.6+dfsg-1 (sid) |
| gitlab | gitlab | < 11.7.8 | 11.7.8 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 11.8.0 < 11.8.4 | 11.8.4 |
| gitlab | gitlab | >= 11.9.0 < 11.9.2 | 11.9.2 |
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GitLab
CVE-2019-10116: An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x
vendor_gitlab·2019-05-16·CVSS 4.3
CVE-2019-10116 [MEDIUM] CWE-732 CVE-2019-10116: An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x
CVE-2019-10116: An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
Debian
CVE-2019-10116: gitlab - An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community ...
vendor_debian·2019·CVSS 4.3
CVE-2019-10116 [MEDIUM] CVE-2019-10116: gitlab - An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community ...
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
Scope: local
sid: resolved (fixed in 11.8.6+dfsg-1)
GHSA
GHSA-g927-v8jh-hjfq: An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11
ghsa_unreviewed·2022-05-24
CVE-2019-10116 [MEDIUM] GHSA-g927-v8jh-hjfq: An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11
An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/https://about.gitlab.com/blog/categories/releases/https://gitlab.com/gitlab-org/gitlab-ce/issues/56224https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/https://about.gitlab.com/blog/categories/releases/https://gitlab.com/gitlab-org/gitlab-ce/issues/56224
2019-05-16
Published