Описание
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
Ссылки
- Vendor Advisory
- Permissions Required
- Vendor Advisory
- Permissions Required
Уязвимые конфигурации
Одно из
Одно из
Одно из
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
EPSS
4.3 Medium
CVSS3
4 Medium
CVSS2