CVE-2019-5883

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-5883

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5883.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-5883

Downstream

UBUNTU-CVE-2019-5883

Published

2019-05-17T16:29:03.547Z

Modified

2026-02-11T12:53:14.930548Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to.

References

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

cb71fca38c3de0c212685f97a46ee8426f63d301

Fixed

cab68f5d2035026e5e29ef68b79fdfe5ca90f947

Introduced

cfe266cbac3c5d413e9c061fff420630e517005f

Fixed

966cce5bfe657c7676dcc02125bb89bd3f067887

Introduced

ec21bf6cf64fd59d7f69746c35de8a716b888a69

Fixed

97bf583178874e2617c347c33ca30b9b33b97402

Affected versions

v10.*

v10.1.0.pre

v10.2.0.pre

v10.3.0.pre

v10.4.0.pre

v10.5.0.pre

v10.6.0.pre

v10.7.0.pre

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0.pre

v11.3.0-ee

v11.3.0-rc1

v11.3.0-rc1-ee

v11.3.0-rc10-ee

v11.3.0-rc11-ee

v11.3.0-rc2

v11.3.0-rc2-ee

v11.3.0-rc3

v11.3.0-rc3-ee

v11.3.0-rc4

v11.3.0-rc4-ee

v11.3.0-rc5

v11.3.0-rc5-ee

v11.3.0-rc6

v11.3.0-rc6-ee

v11.3.0-rc7-ee

v11.3.0-rc8-ee

v11.3.0-rc9-ee

v11.3.0.pre

v11.3.1-ee

v11.3.10-ee

v11.3.2-ee

v11.3.3-ee

v11.3.4-ee

v11.3.5-ee

v11.3.6-ee

v11.3.7-ee

v11.3.8-ee

v11.3.9-ee

v11.4.0-ee

v11.4.1-ee

v11.4.2-ee

v11.4.3-ee

v11.4.4-ee

v11.4.5-ee

v11.4.6-ee

v11.4.7-ee

v11.5.0-ee

v6.*

v6.0.0-ee

v6.1.0-ee

v6.2.0

v6.2.1

v6.2.2

v6.3.0

v6.3.0-ee

v6.3.1-ee

v6.4.0

v6.4.0-ee

v6.4.0.pre1

v6.4.0.pre2

v6.4.0.pre3

v6.4.1

v6.4.2

v6.4.3

v6.5.0

v6.5.0-ee

v6.5.0.rc1

v6.5.1

v6.6.0

v6.6.0-ee

v6.6.0.pre1

v6.6.0.rc1

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0

v6.8.0-ee

v6.8.0.rc1

v6.8.1

v6.9.0.rc1

v7.*

v7.0.0

v7.0.0-ee

v7.0.0.rc1

v7.1.0

v7.1.0-ee

v7.1.0.rc1

v7.1.0.rc1-ee

v7.2.0.rc1

v7.2.0.rc1-ee

v7.2.0.rc2

v7.2.0.rc2-ee

v7.2.0.rc3

v7.2.0.rc3-ee

v7.2.0.rc4

v7.2.0.rc4-ee

v7.2.0.rc5

v7.2.0.rc5-ee

v7.3.0

v7.3.0-ee

v7.3.0.rc1

v7.3.0.rc1-ee

v7.4.0

v7.4.0-ee

v7.4.1

v7.4.1-ee

v7.4.2

v7.4.2-ee

v7.4.3

v7.4.3-ee

v7.4.4-ee

v8.*

v8.10.0.pre

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.0.pre

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.13.0.pre

v8.14.0.pre

v8.15.0.pre

v8.16.0.pre

v8.17.0.pre

v8.18.0.pre

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.4.0.rc1

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

v9.*

v9.1.0.pre

v9.2.0.pre

v9.3.0.pre

v9.5.0.pre

v9.6.0.pre

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5883.json"