GitLab Enterprise Edition 11.5 Improper Authorization Vulnerability


GitLab CE/EE versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1 are affected by an authorization vulnerability that allows access to the web UI as a user by means of a Personal Access Token of any scope.


The information has been provided by James Ritchey.

The original article can be found at:

GitLab is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access and perform malicious actions.

Vulnerable Systems:

GitLab Enterprise Edition 11.5
GitLab Enterprise Edition 11.4
GitLab Enterprise Edition 11.3
GitLab Community Edition 11.5
GitLab Community Edition 11.4
GitLab Community Edition 11.3
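
To triage an inventory against the version ranges given in the description above, the following check can be used. It is an added example, not code from GitLab or from the original advisory; the function names, hostnames and sample versions are constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory text: (first affected, first fixed).
AFFECTED_RANGES = [
    ((8, 8, 0), (11, 3, 11)),   # 8.8 up to 11.x before 11.3.11
    ((11, 4, 0), (11, 4, 8)),   # 11.4 before 11.4.8
    ((11, 5, 0), (11, 5, 1)),   # 11.5 before 11.5.1
]

# Accepts "11.4.7", "11.5", "11.4.7-ee", "v11.5.0"; any suffix after the
# numeric part (edition tag, build metadata) is ignored for the comparison.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-.+].*)?$")


def parse_version(text):
    """Return (major, minor, patch); a missing patch level is treated as 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version_text):
    """True if the version falls inside one of the advisory's affected ranges."""
    version = parse_version(version_text)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown' (unparseable)."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "affected" if is_affected(version_text) else "not affected"
        except ValueError:
            report[host] = "unknown"  # needs a manual look, do not assume safe
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "gitlab-a.example": "11.3.10-ee",
    "gitlab-b.example": "11.3.11",
    "gitlab-c.example": "11.4.7",
    "gitlab-d.example": "11.5.1-ee",
    "gitlab-e.example": "8.7.9",
    "gitlab-f.example": "unknown-build",
}
```

Hosts reported as `unknown` should be checked by hand rather than treated as patched.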

CVE Information:


Disclosure Timeline:
Published Date: 07/16/2019