CVE-2019-7155

Name of the Vulnerable Software and Affected Versions GitLab Community and Enterprise Edition versions 9.x through 11.7.x GitLab Community and Enterprise Edition versions 11.6.x through 11.6.5 GitLab Community and Enterprise Edition versions 11.7.x through 11.7.0 GitLab Community and Enterprise Edition version 11.5.7 and earlier

Description The issue is related to incorrect access control. A user retains their role within a project in a private group after being removed from the group, if their privileges within the project are different from the group.

Recommendations For GitLab Community and Enterprise Edition versions 9.x through 11.5.7, update to version 11.5.8 or later. For GitLab Community and Enterprise Edition versions 11.6.x through 11.6.5, update to version 11.6.6 or later. For GitLab Community and Enterprise Edition versions 11.7.x through 11.7.0, update to version 11.7.1 or later.