CVE-2018-17455
First published: Sat Apr 15 2023(Updated: )
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab GitLab | <11.1.7 | |
| GitLab GitLab | <11.1.7 | |
| GitLab GitLab | >=11.2.0<11.2.4 | |
| GitLab GitLab | >=11.2.0<11.2.4 | |
| GitLab GitLab | =11.3.0 | |
| GitLab GitLab | =11.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/gitlab
- canonical/gitlab gitlab
- version/gitlab gitlab/11.2.0
- version/gitlab gitlab/11.3.0