CVE-2019-9756
CRITICAL
GitLab Community and Enterprise Edition <11.6.10/11.7.6 - Incorrect Access Control
Title source: llm
Description
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
References (3)
Core References
Product, Vendor Advisory x_refsource_misc
https://about.gitlab.com/blog/categories/releases/
Vendor Advisory x_refsource_confirm
https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
Exploit, Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/gitlab-ce/issues/54243
Scores
CVSS v3: 9.8
EPSS: 0.0039
EPSS Percentile: 59.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-639
Status: published
Products (1)
gitlab/gitlab: 10.8.0 - 10.8.7 (2 CPE variants)
Published: Apr 17, 2019
Tracked Since: Feb 18, 2026