GitLab · GitLab CE/EE · CVE-2018-19582
**Name of the Vulnerable Software and Affected Versions**
GitLab EE versions 11.4 before 11.4.8
GitLab EE versions 11.5 before 11.5.1
**Description**
An insecure direct object reference (IDOR) allows unauthorized users to publish other users' draft merge request comments.
**Recommendations**
For GitLab EE versions 11.4 before 11.4.8, update to version 11.4.8 or later.
For GitLab EE versions 11.5 before 11.5.1, update to version 11.5.1 or later.