First published: Tue Jul 03 2018
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | <10.1.6 | |
GitLab GitLab | >=10.2.0, <10.2.6 | |
GitLab GitLab | >=10.3.0, <10.3.4 | |