CVE-2018-16048

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-16048

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16048.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-16048

Published

2018-10-03T16:29:00Z

Modified

2025-02-19T03:01:21.967004Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4071be4ff453bc317ba65d5f4a50cab7d50869db

Fixed

b7c4aa0bc699186fb7f9eb307174f3c297e4c491

Affected versions

v10.*

v10.1.0.pre

v10.2.0.pre

v10.3.0.pre

v10.4.0.pre

v10.5.0.pre

v10.6.0.pre

v10.7.0.pre

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0

v11.0.0-ee

v11.0.0-rc1

v11.0.0-rc1-ee

v11.0.0-rc10

v11.0.0-rc10-ee

v11.0.0-rc11

v11.0.0-rc11-ee

v11.0.0-rc12

v11.0.0-rc12-ee

v11.0.0-rc13

v11.0.0-rc13-ee

v11.0.0-rc14

v11.0.0-rc14-ee

v11.0.0-rc2

v11.0.0-rc2-ee

v11.0.0-rc3

v11.0.0-rc3-ee

v11.0.0-rc4

v11.0.0-rc4-ee

v11.0.0-rc5

v11.0.0-rc5-ee

v11.0.0-rc6

v11.0.0-rc6-ee

v11.0.0-rc7

v11.0.0-rc7-ee

v11.0.0-rc8

v11.0.0-rc8-ee

v11.0.0-rc9

v11.0.0-rc9-ee

v11.0.0.pre

v11.0.1

v11.0.1-ee

v11.0.2

v11.0.2-ee

v11.0.3

v11.0.3-ee

v11.0.4

v11.0.4-ee

v11.0.5

v11.0.5-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.10.0.pre

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.0.pre

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.13.0.pre

v8.14.0.pre

v8.15.0.pre

v8.16.0.pre

v8.17.0.pre

v8.18.0.pre

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

v9.*

v9.1.0.pre

v9.2.0.pre

v9.3.0.pre

v9.5.0.pre

v9.6.0.pre