CVE-2018-19582

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2018-19582

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19582.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-19582

Published

2019-07-10T17:15:11.850Z

Modified

2026-04-10T04:07:34.802699Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

cfe266cbac3c5d413e9c061fff420630e517005f

Fixed

966cce5bfe657c7676dcc02125bb89bd3f067887

Introduced

cb71fca38c3de0c212685f97a46ee8426f63d301

Fixed

cab68f5d2035026e5e29ef68b79fdfe5ca90f947

Database specific

{
    "versions": [
        {
            "introduced": "11.4.0"
        },
        {
            "fixed": "11.4.8"
        },
        {
            "introduced": "11.5.0"
        },
        {
            "fixed": "11.5.1"
        }
    ]
}

Affected versions

v11.*

v11.5.0-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19582.json"