| Name | CVE-2019-7176 |
| Description | An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 921059 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gitlab (PTS) | sid | 16.8.4-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gitlab | source | (unstable) | 11.5.10+dfsg-1 | 921059 |
https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/