CVE-2018-20500
First published: Fri May 17 2019(Updated: )
An insecure permissions issue was discovered in GitLab Community and Enterprise Edition 9.4 and later but before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. The runner registration token in the CI/CD settings could not be reset. This was a security risk if one of the maintainers leaves the group and they know the token.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab GitLab | >=9.4.0<11.4.13 | |
| GitLab GitLab | >=9.4.0<11.4.13 | |
| GitLab GitLab | >=11.5.0<11.5.6 | |
| GitLab GitLab | >=11.5.0<11.5.6 | |
| GitLab GitLab | >=11.6.0<11.6.1 | |
| GitLab GitLab | >=11.6.0<11.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/event
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/gitlab
- canonical/gitlab gitlab
- version/gitlab gitlab/9.4.0
- version/gitlab gitlab/11.5.0
- version/gitlab gitlab/11.6.0