GitLab is prone to a security vulnerability.
Attackers can exploit this issue to make comments on a locked issue. This may aid in further attacks.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
| Bugtraq ID: | 109121 |
| Class: | Access Validation Error |
| CVE: | CVE-2018-19575 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 10 2019 12:00AM |
| Updated: | Jul 10 2019 12:00AM |
| Credit: | James Ritchey |
| Vulnerable: | Gitlab GitLab Enterprise Edition 11.5; Gitlab GitLab Enterprise Edition 11.4; Gitlab GitLab Enterprise Edition 11.3; Gitlab GitLab Enterprise Edition 10.1; Gitlab GitLab Community Edition 11.5; Gitlab GitLab Community Edition 11.4; Gitlab GitLab Community Edition 11.3; Gitlab GitLab Community Edition 10.1 |
| Not Vulnerable: | Gitlab GitLab Enterprise Edition 11.5.1; Gitlab GitLab Enterprise Edition 11.4.8; Gitlab GitLab Enterprise Edition 11.3.11; Gitlab GitLab Community Edition 11.5.1; Gitlab GitLab Community Edition 11.4.8; Gitlab GitLab Community Edition 11.3.11 |
References:
from SecurityFocus Vulnerabilities https://ift.tt/2YMX3WX