
CVE-2019-6960 : What You Need to Know

Learn about CVE-2019-6960, an Incorrect Access Control issue in GitLab versions 9.x, 10.x, and 11.x, allowing unauthorized access to internal wikis. Find mitigation steps and patch details here.

A vulnerability has been found in versions 9.x, 10.x, and 11.x of both GitLab Community and Enterprise Editions, allowing unauthorized access to internal wikis when an external wiki service is active.

Understanding CVE-2019-6960

This CVE identifies an Incorrect Access Control issue in GitLab versions prior to 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1.

What is CVE-2019-6960?

This vulnerability in GitLab allows unauthorized access to internal wikis when an external wiki service is enabled.

The Impact of CVE-2019-6960

The vulnerability could lead to unauthorized users gaining access to sensitive information stored in internal wikis.

Technical Details of CVE-2019-6960

GitLab Community and Enterprise Editions 9.x and 10.x, and 11.x releases prior to 11.5.8, 11.6.6, and 11.7.1, are affected by this vulnerability.

Vulnerability Description

The root cause is an incorrect access-control check: when an external wiki service is enabled, GitLab does not properly restrict access to the internal wiki, so users without permission can reach it.

Affected Systems and Versions

        GitLab Community and Enterprise Editions 9.x, 10.x, and 11.x
        All 9.x and 10.x releases; 11.x releases before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1
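A small inventory check that encodes the affected ranges above is useful when you run several GitLab instances. It is an added example, not code from this page or from GitLab; the host names and version strings in the sample inventory are constructed, and the assumption that 11.8 and later ship the fix follows from the page listing 11.7.1 as the last patched release.

```python
import re

# Fixed patch release for each 11.x branch named on the page.
# Every 9.x and 10.x release is affected; 11.x branches not listed here
# (11.8 and later) are assumed to already contain the fix.
FIXED_11X = {5: 8, 6: 6, 7: 1}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH', ignoring suffixes such as '-ee' or '-rc1'."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return major, minor, patch


def is_affected(version: str) -> bool:
    """Return True if this GitLab version falls in the CVE-2019-6960 ranges."""
    major, minor, patch = parse_version(version)
    if major in (9, 10):
        return True                 # all 9.x and 10.x releases are affected
    if major != 11:
        return False                # 12.x and later are out of scope; pre-9 is not listed
    if minor < 5:
        return True                 # 11.0 .. 11.4 never received a fix release
    fixed_patch = FIXED_11X.get(minor)
    if fixed_patch is None:
        return False                # 11.8+ branches (assumed fixed, see lead-in)
    return patch < fixed_patch      # below the fixed patch for this branch


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts); replace with the
    # versions reported by your own instances.
    inventory = {
        "gitlab-a": "10.8.7-ee",
        "gitlab-b": "11.6.5",
        "gitlab-c": "11.6.6-ee",
        "gitlab-d": "11.7.0",
        "gitlab-e": "11.8.1",
    }
    for host, ver in inventory.items():
        state = "AFFECTED - update" if is_affected(ver) else "ok"
        print(f"{host}: {ver} -> {state}")
```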

Exploitation Mechanism

Unauthorized users can exploit this vulnerability when an external wiki service is active, allowing access to internal wikis.

Mitigation and Prevention

To address CVE-2019-6960, follow these steps:

Immediate Steps to Take

        Update GitLab to 11.5.8, 11.6.6, or 11.7.1, the patched release for each affected branch.
        Disable external wiki services if not essential for operations.

Long-Term Security Practices

        Regularly monitor and audit access to internal wikis.
        Implement strong access control policies to prevent unauthorized entry.

Patching and Updates

        Apply the latest patches and updates provided by GitLab to ensure system security.
