Access Control Issue Allowing Guest Users to Modify or Delete Their Own Comments on Confidential Issues
CVE-2018-19576 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:P
GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential.
Learn more about our User Device Pen Test.