Vulnerability Details CVE-2018-19359
GitLab Community and Enterprise Edition 8.9 and later and before 11.5.0-rc12, 11.4.6, and 11.3.10 has Incorrect Access Control.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
- https://about.gitlab.com/blog/categories/releases/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/54189
- https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
- https://about.gitlab.com/blog/categories/releases/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/54189
Products affected by CVE-2018-19359
-
cpe:2.3:a:gitlab:gitlab:11.3.0
-
cpe:2.3:a:gitlab:gitlab:11.3.1
-
cpe:2.3:a:gitlab:gitlab:11.3.2
-
cpe:2.3:a:gitlab:gitlab:11.3.3
-
cpe:2.3:a:gitlab:gitlab:11.3.4
-
cpe:2.3:a:gitlab:gitlab:11.3.5
-
cpe:2.3:a:gitlab:gitlab:11.3.6
-
cpe:2.3:a:gitlab:gitlab:11.3.7
-
cpe:2.3:a:gitlab:gitlab:11.3.8
-
cpe:2.3:a:gitlab:gitlab:11.3.9
-
cpe:2.3:a:gitlab:gitlab:11.4.0
-
cpe:2.3:a:gitlab:gitlab:11.4.1
-
cpe:2.3:a:gitlab:gitlab:11.4.2
-
cpe:2.3:a:gitlab:gitlab:11.4.3
-
cpe:2.3:a:gitlab:gitlab:11.4.4
-
cpe:2.3:a:gitlab:gitlab:11.4.5
-
cpe:2.3:a:gitlab:gitlab:11.4.7
-
cpe:2.3:a:gitlab:gitlab:11.4.8
-
cpe:2.3:a:gitlab:gitlab:11.4.9
-
cpe:2.3:a:gitlab:gitlab:11.5.0