CVE-2018-19575
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/07/2019
Last modified:
17/06/2026
Description
GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 10.1.0 (including) | 11.3.11 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 10.1.0 (including) | 11.3.11 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 11.4.0 (including) | 11.4.8 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 11.4.0 (including) | 11.4.8 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 11.5.0 (including) | 11.5.1 (excluding) |
| cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 11.5.0 (including) | 11.5.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/109121
- https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/52523
- http://www.securityfocus.com/bid/109121
- https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/52523



