CVE-2018-18640

Source
Severity Medium
Remote No
Type Information disclosure
Description
A security issue has been found in gitlab versions prior to 11.4.3, where private project pages had inadequate cache control, which resulted in unauthorized users being able to view them in the browser.
Group Package Affected Fixed Severity Status Ticket
AVG-794 gitlab 11.4.0-1 11.4.3-1 Critical Fixed
Date Advisory Group Package Severity Description
31 Oct 2018 ASA-201810-16 AVG-794 gitlab Critical multiple issues
References
https://about.gitlab.com/2018/10/29/security-release-gitlab-11-dot-4-dot-3-released/
https://gitlab.com/gitlab-org/gitlab-ce/commit/5e125b0f84ad768d7ff19905d03820f561c21f98