Allele Security Alert
ASA-2019-00212
Identifier(s)
ASA-2019-00212, CVE-2019-10116
Title
Related branches visible in issues for guests
Vendor(s)
GitLab
Product(s)
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
Affected version(s)
GitLab CE/EE 8.7 and later
Fixed version(s)
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.9.4
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.8.6
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.7.10
Proof of concept
Unknown
Description
An authorization issue was discovered that allowed Guests of a project to see the Related Branches created for an issue.
Technical details
Unknown
Credits
ashish_r_padelkar
Reference(s)
GitLab Security Release: 11.9.4, 11.8.6, and 11.7.10
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10116
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10116
CVE-2019-10116
https://nvd.nist.gov/vuln/detail/CVE-2019-10116
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: April 24, 2019