CVE-2018-19584
N/A
N/A
Summary
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://gitlab.com/gitlab-org/gitlab-ce/issues/52522
- https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
References
- https://gitlab.com/gitlab-org/gitlab-ce/issues/52522
- https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.