Description
GitLab CE/EE versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 have an incorrect access control vulnerability that exposes the title and namespace of a confidential issue to an unauthorized user.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab-ce/issues/52444
Broken Link, Release Notes, Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/109179
Scores
CVSS v3: 5.3
EPSS: 0.0021
EPSS Percentile: 43.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE: CWE-284
Status: published
Products (1): gitlab/gitlab, 8.6.0 - 11.3.11 (2 CPE variants)
Published: Jul 10, 2019
Tracked Since: Feb 18, 2026