CVE-2018-17455
- Source
- https://cve.org/CVERecord?id=CVE-2018-17455
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17455.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-17455
- Related
- Published
- 2023-04-15T23:15:13.637Z
- Modified
- 2026-03-14T15:25:10.124466Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
- References
Affected packages
Git / gitlab.com/gitlab-org/gitlab
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.com/gitlab-org/gitlab
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "11.1.7" }, { "introduced": "0" }, { "fixed": "11.1.7" }, { "introduced": "11.2.0" }, { "fixed": "11.2.4" }, { "introduced": "11.2.0" }, { "fixed": "11.2.4" }, { "introduced": "0" }, { "last_affected": "11.3.0" }, { "introduced": "0" }, { "last_affected": "11.3.0" } ] }