CVE-2019-7176

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-7176
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7176.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-7176
Published
2019-09-09T21:15:12.310Z
Modified
2026-04-10T04:20:02.496581Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
eb7f876a679dba6ae5ec739f94265f0e0f3516e8
Last affected
605f7bc3b05a8dcefb508a9ea3011bf9e9bc449a
Introduced
eb7f876a679dba6ae5ec739f94265f0e0f3516e8
Last affected
605f7bc3b05a8dcefb508a9ea3011bf9e9bc449a
Introduced
f33774cb120324d428dabf52c89b8a65e4d4c166
Last affected
9c32fedb6d29601a9cb698a25f8b917724b484b3
Introduced
f33774cb120324d428dabf52c89b8a65e4d4c166
Last affected
9c32fedb6d29601a9cb698a25f8b917724b484b3
Introduced
235b8d50ad14e7cdf4bc61c3df070f38dee97974
Last affected
6b5c78f6ca15386fd084425daaefb299412c9adc
Introduced
235b8d50ad14e7cdf4bc61c3df070f38dee97974
Last affected
6b5c78f6ca15386fd084425daaefb299412c9adc
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
11dfbc1f313940489243c259944a380769ad4f86
Introduced
c6f72ac9a88521257991aa9a0cc6d558126f5bb9
Fixed
11dfbc1f313940489243c259944a380769ad4f86
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
4747ff7de2c1df3d93a9dad0b4f24ec046e06eb2
Introduced
4c09765c6424a96be7c7ae7707db3bda4e9c4ab4
Fixed
4747ff7de2c1df3d93a9dad0b4f24ec046e06eb2
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
769515de2384d9fbf072f8d7bbfbde93034f2187
Introduced
c02f0d47774ac40ee0d1097d00d7980ef0c7012c
Fixed
769515de2384d9fbf072f8d7bbfbde93034f2187
Database specific 
{
    "versions": [
        {
            "introduced": "8.9.0"
        },
        {
            "last_affected": "8.17.8"
        },
        {
            "introduced": "8.9.0"
        },
        {
            "last_affected": "8.17.8"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.5.10"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.5.10"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.8.6"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.8.6"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.9"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "fixed": "11.5.9"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.7"
        },
        {
            "introduced": "11.6.0"
        },
        {
            "fixed": "11.6.7"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.2"
        },
        {
            "introduced": "11.7.0"
        },
        {
            "fixed": "11.7.2"
        }
    ]
}

Affected versions

v11.*
v11.6.0-ee
v11.6.1-ee
v11.6.2-ee
v11.6.3-ee
v11.6.4-ee
v11.6.5-ee
v11.6.6-ee
v11.7.0-ee
v11.7.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-7176.json"