CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19582

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 14.9%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

Products affected by CVE-2018-19582

Gitlab » Gitlab » Version: 11.4.0

cpe:2.3:a:gitlab:gitlab:11.4.0
Gitlab » Gitlab » Version: 11.4.1

cpe:2.3:a:gitlab:gitlab:11.4.1
Gitlab » Gitlab » Version: 11.4.2

cpe:2.3:a:gitlab:gitlab:11.4.2
Gitlab » Gitlab » Version: 11.4.3

cpe:2.3:a:gitlab:gitlab:11.4.3
Gitlab » Gitlab » Version: 11.4.4

cpe:2.3:a:gitlab:gitlab:11.4.4
Gitlab » Gitlab » Version: 11.4.5

cpe:2.3:a:gitlab:gitlab:11.4.5
Gitlab » Gitlab » Version: 11.4.6

cpe:2.3:a:gitlab:gitlab:11.4.6
Gitlab » Gitlab » Version: 11.4.7

cpe:2.3:a:gitlab:gitlab:11.4.7
Gitlab » Gitlab » Version: 11.5.0

cpe:2.3:a:gitlab:gitlab:11.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-19582

Products

Pricing

Contact Us