CVE-2019-5883
First published: Fri May 17 2019(Updated: )
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=6.0.0<11.3.11 | |
| GitLab | >=6.0.0<11.3.11 | |
| GitLab | >=11.4.0<11.4.8 | |
| GitLab | >=11.4.0<11.4.8 | |
| GitLab | >=11.5.0<11.5.1 | |
| GitLab | >=11.5.0<11.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-5883?
CVE-2019-5883 is considered a moderate severity vulnerability affecting access control.
How do I fix CVE-2019-5883?
To fix CVE-2019-5883, upgrade GitLab to version 11.3.11, 11.4.8, or 11.5.1 or later.
What issue does CVE-2019-5883 describe?
CVE-2019-5883 describes an incorrect access control issue that allows unauthorized commenting on issues by users.
Which GitLab versions are affected by CVE-2019-5883?
CVE-2019-5883 affects GitLab Community and Enterprise Editions from version 6.0 up to but not including 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1.
Is there a workaround for CVE-2019-5883?
There is no official workaround for CVE-2019-5883; the recommended action is to upgrade to the patched versions.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/6.0.0
- version/gitlab/11.4.0
- version/gitlab/11.5.0