CVE-2018-19572
on gitlab
Published
Severity
CVSS v3: 5.9 MEDIUM
CVSS v2: 4.3 MEDIUM
Description
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 8.3.0 (including) | 11.3.11 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 11.3.12 (including) | 11.4.8 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 11.3.12 (including) | 11.4.8 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 11.4.9 (including) | 11.5.1 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* | 11.4.9 (including) | 11.5.1 | * |
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* | 8.17.0 (including) | 11.3.11 | * |