Symantec Security Response, SMNTC-111323
Dec 26, 2019 - 12:00 a.m.

GitLab CVE-2018-20492 Access Bypass Vulnerability

www.symantec.com

EPSS: 0.001 (Low), Percentile: 38.7%

Description

GitLab is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. GitLab versions prior to 11.4.13, 11.5.x prior to 11.5.6, and 11.6.x prior to 11.6.1 are vulnerable.

Technologies Affected

  • Gitlab GitLab Community Edition 10.1
  • Gitlab GitLab Community Edition 10.3
  • Gitlab GitLab Community Edition 10.5.0
  • Gitlab GitLab Community Edition 10.5.8
  • Gitlab GitLab Community Edition 10.6.0
  • Gitlab GitLab Community Edition 10.6.5
  • Gitlab GitLab Community Edition 10.7.0
  • Gitlab GitLab Community Edition 10.7.2
  • Gitlab GitLab Community Edition 11.0
  • Gitlab GitLab Community Edition 11.3.0
  • Gitlab GitLab Community Edition 11.4.0
  • Gitlab GitLab Community Edition 11.4.10
  • Gitlab GitLab Community Edition 11.4.11
  • Gitlab GitLab Community Edition 11.4.12
  • Gitlab GitLab Community Edition 11.4.8
  • Gitlab GitLab Community Edition 11.4.9
  • Gitlab GitLab Community Edition 11.5.0
  • Gitlab GitLab Community Edition 11.5.1
  • Gitlab GitLab Community Edition 11.5.2
  • Gitlab GitLab Community Edition 11.5.3
  • Gitlab GitLab Community Edition 11.5.4
  • Gitlab GitLab Community Edition 11.5.5
  • Gitlab GitLab Community Edition 11.6.0
  • Gitlab GitLab Community Edition 8.6
  • Gitlab GitLab Community Edition 8.8
  • Gitlab GitLab Enterprise Edition 10.1
  • Gitlab GitLab Enterprise Edition 10.3
  • Gitlab GitLab Enterprise Edition 10.5.0
  • Gitlab GitLab Enterprise Edition 10.5.8
  • Gitlab GitLab Enterprise Edition 10.6.0
  • Gitlab GitLab Enterprise Edition 10.6.5
  • Gitlab GitLab Enterprise Edition 10.7.0
  • Gitlab GitLab Enterprise Edition 10.7.2
  • Gitlab GitLab Enterprise Edition 11.0
  • Gitlab GitLab Enterprise Edition 11.3.0
  • Gitlab GitLab Enterprise Edition 11.4.0
  • Gitlab GitLab Enterprise Edition 11.4.10
  • Gitlab GitLab Enterprise Edition 11.4.11
  • Gitlab GitLab Enterprise Edition 11.4.12
  • Gitlab GitLab Enterprise Edition 11.4.8
  • Gitlab GitLab Enterprise Edition 11.4.9
  • Gitlab GitLab Enterprise Edition 11.5.0
  • Gitlab GitLab Enterprise Edition 11.5.1
  • Gitlab GitLab Enterprise Edition 11.5.2
  • Gitlab GitLab Enterprise Edition 11.5.3
  • Gitlab GitLab Enterprise Edition 11.5.4
  • Gitlab GitLab Enterprise Edition 11.5.5
  • Gitlab GitLab Enterprise Edition 11.6.0
  • Gitlab GitLab Enterprise Edition 8.6
  • Gitlab GitLab Enterprise Edition 8.8

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run all applications with the minimal amount of privileges required for functionality.

Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of successful exploits, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Updates are available. Please see the references or vendor advisory for more information.

References
