An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference.
References
| Link | Resource |
|---|---|
| https://about.gitlab.com/blog/categories/releases/ | Release Notes |
| https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Apr 2023, 20:27
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Gitlab
Gitlab gitlab |
|
| References | (CONFIRM) https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/ - Release Notes, Vendor Advisory | |
| References | (MISC) https://about.gitlab.com/blog/categories/releases/ - Release Notes | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:11.3.0:*:*:*:enterprise:*:*:* |
|
| CWE | CWE-639 |
15 Apr 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-15 23:15
Updated : 2023-12-10 15:01
NVD link : CVE-2018-17449
Mitre link : CVE-2018-17449
CVE.ORG link : CVE-2018-17449
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-639
Authorization Bypass Through User-Controlled Key