CVE-2018-19572
10.07.2019, 16:15
GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11.
| Vendor | Product | Version |
|---|---|---|
| gitlab | gitlab | 8.3.0 ≤ 𝑥 < 11.3.11 |
| gitlab | gitlab | 8.17.0 ≤ 𝑥 < 11.3.11 |
| gitlab | gitlab | 11.3.12 ≤ 𝑥 < 11.4.8 |
| gitlab | gitlab | 11.3.12 ≤ 𝑥 < 11.4.8 |
| gitlab | gitlab | 11.4.9 ≤ 𝑥 < 11.5.1 |
| gitlab | gitlab | 11.4.9 ≤ 𝑥 < 11.5.1 |
𝑥
= Vulnerable software versions
