GitLab is prone to a security vulnerability.

Attackers can exploit this issue to make comments on a locked issue. This may aid in further attacks.

Information

Bugtraq ID: 109121

Class: Access Validation Error

CVE: CVE-2018-19575

Remote: Yes

Local: No

Published: Jul 10 2019 12:00AM

Updated: Jul 10 2019 12:00AM

Credit: James Ritchey

Vulnerable: Gitlab GitLab Enterprise Edition 11.5
Gitlab GitLab Enterprise Edition 11.4
Gitlab GitLab Enterprise Edition 11.3
Gitlab GitLab Enterprise Edition 10.1
Gitlab GitLab Community Edition 11.5
Gitlab GitLab Community Edition 11.4
Gitlab GitLab Community Edition 11.3
Gitlab GitLab Community Edition 10.1

Not Vulnerable: Gitlab GitLab Enterprise Edition 11.5.1
Gitlab GitLab Enterprise Edition 11.4.8
Gitlab GitLab Enterprise Edition 11.3.11
Gitlab GitLab Community Edition 11.5.1
Gitlab GitLab Community Edition 11.4.8
Gitlab GitLab Community Edition 11.3.11

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.