CVE-2018-19584

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-19584

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-19584.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-19584

Published

2019-07-10T17:15:12Z

Modified

2025-02-14T10:55:37.393675Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

c6f72ac9a88521257991aa9a0cc6d558126f5bb9

Fixed

97bf583178874e2617c347c33ca30b9b33b97402

Affected versions

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0.pre

v11.3.0-ee

v11.3.0-rc1

v11.3.0-rc1-ee

v11.3.0-rc10-ee

v11.3.0-rc11-ee

v11.3.0-rc2

v11.3.0-rc2-ee

v11.3.0-rc3

v11.3.0-rc3-ee

v11.3.0-rc4

v11.3.0-rc4-ee

v11.3.0-rc5

v11.3.0-rc5-ee

v11.3.0-rc6

v11.3.0-rc6-ee

v11.3.0-rc7-ee

v11.3.0-rc8-ee

v11.3.0-rc9-ee

v11.3.0.pre

v11.3.1-ee

v11.3.10-ee

v11.3.2-ee

v11.3.3-ee

v11.3.4-ee

v11.3.5-ee

v11.3.6-ee

v11.3.7-ee

v11.3.8-ee

v11.3.9-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee