CVE-2019-6960

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6960
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6960.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6960
Published
2019-09-09T20:15:12.557Z
Modified
2026-04-10T04:19:56.050364Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Access to the internal wiki is permitted when an external wiki service is enabled.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
53f18d8326e26304f6df0996c615ca72b6a85e5b
Last affected
3f9ac2785cf9af97a0089740d0c404b501067f19
Introduced
53f18d8326e26304f6df0996c615ca72b6a85e5b
Last affected
3f9ac2785cf9af97a0089740d0c404b501067f19
Introduced
235b8d50ad14e7cdf4bc61c3df070f38dee97974
Last affected
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
235b8d50ad14e7cdf4bc61c3df070f38dee97974
Last affected
075705a5f3bd9748d92cf48073bfe9e79b58f385
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
abfb287f424b28a64807bf9ba12c4a909e8d9f86
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
e9c988e44da4af7bf7a3f01edc7eb1eccb348ff5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
51b69167426f1a15449328d5221a96d7306d7fc5
Database specific 
{
    "versions": [
        {
            "introduced": "9.3.0"
        },
        {
            "last_affected": "9.3.7"
        },
        {
            "introduced": "9.3.0"
        },
        {
            "last_affected": "9.3.7"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.8.7"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.8.7"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.8"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.6"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.1"
        }
    ]
}

Affected versions

v11.*
v11.6.0-ee
v11.6.1-ee
v11.6.2-ee
v11.6.3-ee
v11.6.4-ee
v11.6.5-ee
v11.7.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6960.json"