CVE-2018-19581

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...

CVE-2018-19578

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...

CVE-2018-19581

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...

CVE-2018-19578

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...

Design/Logic Flaw

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

Deserialization of untrusted data

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...

Design/Logic Flaw

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...

CVE-2018-19582

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...

CVE-2018-19578

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...

CVE-2018-19581

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

Design/Logic Flaw

GitLab EE, versions 11.4 before 11.4.8 and 11.5 before 11.5.1, is affected by an insecure direct object reference vulnerability that permits an unauthorized user to publish the draft merge request comments of another user...

CVE-2018-19578

GitLab EE 11.5 before 11.5.1 is vulnerable to an insecure object reference that allows a user with Reporter privileges to view the Jaeger Tracing Operations page. Root cause: improper access control on the Jaeger operations page. Impact: exposure of tracing page content to users with limited perm...

CVE-2018-19578

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...

CVE-2018-19584

GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...

CVE-2018-19584

Summary: CVE-2018-19584 affects GitLab Enterprise Edition (GitLab EE). Versions 11.x prior to 11.3.11, 11.4 prior to 11.4.8, and 11.5 prior to 11.5.1 are vulnerable to an insecure direct object reference that allows authenticated, but unauthorized, users to view members and milestone details of p...

CVE-2018-19581

Removed by vendor...

CVE-2018-19581

GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...

CVE-2018-19582

Removed by vendor...

CVE-2018-19582

CVE-2018-19582 affects GitLab Enterprise Edition (GitLab EE) on versions 11.4 before 11.4.8 and 11.5 before 11.5.1. The issue is an insecure direct object reference that could allow an unauthorized user to publish another user’s draft merge request comments. The connected documents confirm the af...