CVE-2018-19582
CVE-2018-19582 affects GitLab Enterprise Edition (GitLab EE) on versions 11.4 before 11.4.8 and 11.5 before 11.5.1. The issue is an insecure direct object reference that could allow an unauthorized user to publish another user’s draft merge request comments. The connected documents confirm the af...