Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2019-10108

An Incorrect Access Control (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allowed non-members of a private project/group to add and read labels.

Published: May 15, 2019
Updated: Nov 9, 2025
CVE: CVE-2019-10108
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
gitlab / gitlab	-	11.7.8
gitlab / gitlab	11.9.0	11.9.2
gitlab / gitlab	11.8.0	11.8.4

https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
https://about.gitlab.com/blog/categories/releases/
https://gitlab.com/gitlab-org/gitlab-ce/issues/56985

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo