CVE-2019-9756 - Authorization Bypass Through User-Controlled Key vulnerability in GitLab
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH
Summary
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732.
References
- https://about.gitlab.com/2019/03/04/security-release-gitlab-11-dot-8-dot-1-released/
- https://about.gitlab.com/blog/categories/releases/
- https://gitlab.com/gitlab-org/gitlab-ce/issues/54243