Unauthorized User Access to Confidential Issue Titles and Namespace in Gitlab CE/EE

Unauthorized User Access to Confidential Issue Titles and Namespace in Gitlab CE/EE

CVE-2018-19577 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.

Learn more about our User Device Pen Test.