CVE-2019-18459Incorrect Permission Assignment in Gitlab

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 75.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian GitlabGitlab
Timeline
PublishedNov 26
Latest updateMay 24

Description

An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (issue 3 of 4).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/gitlab< gitlab 12.6.8-3 (sid)
NVDgitlab/gitlab11.3.012.3.0
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-747q-6mj3-hj66: An issue was discovered in GitLab Community and Enterprise Edition 112022-05-24

📋Vendor Advisories

2
GitLab
CVE-2019-18459: An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 in the protected environments feature. It has Insecure Permissions (is2019-11-26
Debian
CVE-2019-18459: gitlab - An issue was discovered in GitLab Community and Enterprise Edition 11.3 to 12.3 ...2019