Symlink Time-of-Check-to-Time-of-Use Race Condition in GitLab Pages Chroot Environment

CVE-2018-19572 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
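
The bug class named above, as an added example (not GitLab's code and not part of the original advisory): a check made on a path name, such as an lstat, says nothing about what a later open of the same name will reach. The hypothetical Go helper openBeneath below instead walks each path component with openat(2) and O_NOFOLLOW and checks the file type on the descriptor it will read from. It assumes Linux and a trusted root directory; the function name and paths are illustrative.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
	"syscall"
)

// Racy pattern this replaces: os.Lstat(path) to reject symlinks, then
// os.Open(path). The second call resolves the name again, so the file can be
// swapped for a symlink between the check and the use.

// openBeneath (hypothetical helper, Linux assumed) opens rel below the trusted
// directory root without following a symlink in any component.
func openBeneath(root, rel string) (*os.File, error) {
	fd, err := syscall.Open(root, syscall.O_RDONLY|syscall.O_DIRECTORY|syscall.O_CLOEXEC, 0)
	if err != nil {
		return nil, err
	}
	parts := strings.Split(rel, "/")
	for i, p := range parts {
		flags := syscall.O_RDONLY | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
		if i < len(parts)-1 {
			flags |= syscall.O_DIRECTORY // intermediate components must be real directories
		}
		next, err := -1, errors.New("invalid path component")
		if p != "" && p != "." && p != ".." {
			next, err = syscall.Openat(fd, p, flags, 0) // fails if p is a symlink
		}
		syscall.Close(fd)
		if err != nil {
			return nil, fmt.Errorf("open %q: %w", p, err)
		}
		fd = next
	}
	// Check the type on the open descriptor: this is the object that gets read.
	var st syscall.Stat_t
	if err := syscall.Fstat(fd, &st); err != nil || st.Mode&syscall.S_IFMT != syscall.S_IFREG {
		syscall.Close(fd)
		return nil, errors.New("not a regular file")
	}
	return os.NewFile(uintptr(fd), rel), nil
}

func main() {
	f, err := openBeneath(os.TempDir(), "does-not-exist") // constructed sample path
	fmt.Println(f, err)
}
```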