CVE-2018-19569
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-19569
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19569.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-19569
- Published
- 2019-07-10T16:15:10Z
- Modified
- 2025-02-19T02:59:58.843725Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope.
- References
Affected packages
Git / gitlab.com/gitlab-org/gitlab
Affected versions
v10.*
v10.1.0.pre
v10.2.0.pre
v10.3.0.pre
v10.4.0.pre
v10.5.0.pre
v10.6.0.pre
v10.7.0.pre
v10.8.0.pre
v10.9.0.pre
v11.*
v11.0.0.pre
v11.1.0.pre
v11.2.0.pre
v11.3.0-ee
v11.3.0-rc1
v11.3.0-rc1-ee
v11.3.0-rc10-ee
v11.3.0-rc11-ee
v11.3.0-rc2
v11.3.0-rc2-ee
v11.3.0-rc3
v11.3.0-rc3-ee
v11.3.0-rc4
v11.3.0-rc4-ee
v11.3.0-rc5
v11.3.0-rc5-ee
v11.3.0-rc6
v11.3.0-rc6-ee
v11.3.0-rc7-ee
v11.3.0-rc8-ee
v11.3.0-rc9-ee
v11.3.0.pre
v11.3.1-ee
v11.3.10-ee
v11.3.2-ee
v11.3.3-ee
v11.3.4-ee
v11.3.5-ee
v11.3.6-ee
v11.3.7-ee
v11.3.8-ee
v11.3.9-ee
v8.*
v8.10.0.pre
v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.0.pre
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.13.0.pre
v8.14.0.pre
v8.15.0.pre
v8.16.0.pre
v8.17.0.pre
v8.18.0.pre
v8.8.0
v8.8.0-ee
v8.8.1-ee
v9.*
v9.1.0.pre
v9.2.0.pre
v9.3.0.pre
v9.5.0.pre
v9.6.0.pre