CVE-2018-19582
First published: Wed Jul 10 2019(Updated: )
GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=11.4.0<11.4.8 | |
| GitLab | >=11.5.0<11.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-19582?
CVE-2018-19582 is classified as a medium severity vulnerability due to the potential for unauthorized access to draft merge request comments.
How do I fix CVE-2018-19582?
To fix CVE-2018-19582, upgrade your GitLab EE to version 11.4.8 or 11.5.1 or later.
What type of vulnerability is CVE-2018-19582?
CVE-2018-19582 is an insecure direct object reference vulnerability.
Who is affected by CVE-2018-19582?
CVE-2018-19582 affects users of GitLab EE versions prior to 11.4.8 and 11.5.1.
Can an unauthorized user exploit CVE-2018-19582?
Yes, an unauthorized user can exploit CVE-2018-19582 to publish draft merge request comments from other users.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/11.4.0
- version/gitlab/11.5.0