CVE-2018-19583
First published: Wed Jul 10 2019(Updated: )
GitLab CE/EE, versions 8.0 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, would log access tokens in the Workhorse logs, permitting administrators with access to the logs to see another user's token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=8.0.0<11.3.11 | |
| GitLab | >=8.0.0<11.3.11 | |
| GitLab | >=11.4.0<11.4.8 | |
| GitLab | >=11.4.0<11.4.8 | |
| GitLab | >=11.5.0<11.5.1 | |
| GitLab | >=11.5.0<11.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-19583?
CVE-2018-19583 is considered a medium severity vulnerability due to its potential exposure of sensitive access tokens.
How do I fix CVE-2018-19583?
To resolve CVE-2018-19583, upgrade to GitLab versions 11.3.11, 11.4.8, or 11.5.1 or later.
What types of access tokens are logged in CVE-2018-19583?
CVE-2018-19583 involves the logging of user access tokens in the Workhorse logs.
Who is affected by CVE-2018-19583?
Administrators with access to the Workhorse logs in affected versions of GitLab are at risk due to CVE-2018-19583.
What versions of GitLab are vulnerable to CVE-2018-19583?
CVE-2018-19583 affects GitLab Community and Enterprise Editions from version 8.0 up to 11.x before specific versions.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/8.0.0
- version/gitlab/11.4.0
- version/gitlab/11.5.0