PT-2019-9855 · Gitlab · Gitlab Ce/Ee+1

Published

2019-07-10

Updated

2019-07-11

CVE-2018-19572

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions GitLab CE versions 8.17 through 11.5.0 GitLab EE versions 8.3 through 11.4.7 GitLab EE versions 8.3 through 11.3.10

Description The issue is related to a symlink time-of-check-to-time-of-use race condition. This condition could allow unauthorized access to files in the GitLab Pages chroot environment.

Recommendations For GitLab CE versions 8.17 through 11.5.0, update to version 11.5.1 or later. For GitLab EE versions 8.3 through 11.4.7, update to version 11.4.8 or later. For GitLab EE versions 8.3 through 11.3.10, update to version 11.3.11 or later.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2018-19572

Affected Products

Gitlab

Gitlab Ce/Ee

PT-2019-9855 · Gitlab · Gitlab Ce/Ee+1

CVE-2018-19572

Weakness Enumeration

Related Identifiers

Affected Products

References · 6