First published: Wed Mar 21 2018
GitLab Community and Enterprise Editions versions 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component, resulting in disclosure of all data in a GitLab instance's database.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=9.4.0 <=9.5.10 | |
GitLab GitLab | >=10.0.0 <=10.1.5 | |
GitLab GitLab | >=10.2.0 <=10.2.5 | |
GitLab GitLab | >=10.3.0 <=10.3.3 | |