Symlink Time-of-Check-to-Time-of-Use Race Condition in GitLab Pages Chroot Environment
CVE-2018-19572 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
Learn more about our Web Application Penetration Testing UK.