GitLab Enterprise Edition 11.5 Improper Authorization Vulnerability

Summary

GitLab CE/EE versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 contain an improper authorization vulnerability that allows access to the web UI as a user using a Personal Access Token of any scope.

Credit:

The information has been provided by James Ritchey.

The original article can be found at:

https://gitlab.com/gitlab-org/gitlab-ce/issues/50319


Details

GitLab is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform malicious actions.

Vulnerable Systems:

GitLab Enterprise Edition 11.5
GitLab Enterprise Edition 11.4
GitLab Enterprise Edition 11.3
GitLab Community Edition 11.5
GitLab Community Edition 11.4
GitLab Community Edition 11.3

CVE Information:

CVE-2018-19569

Disclosure Timeline:

Published Date: 07/16/2019