ID:

CVE-2019-18453 (NVD)

- Vulnerability Info (edit)
2019-11-26

An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.

Products Gitlab
Type Incorrect Permission Assignment for Critical Resource (CWE-732)
First patch - None (likely due to unavailable code)
Patches https://about.gitlab.com/blog/2019/10/30/security-release-gitlab-12-dot-4-dot-1-released/
https://about.gitlab.com/blog/categories/releases/
Annotation

Note:

No patch was assigned yet.