First published: Thu Mar 22 2018(Updated: )
GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/gitlab | 16.0.8+ds1-2 | |
GitLab GitLab | >8.8.0<=10.1.5 | |
GitLab GitLab | >=8.8.0<=10.1.5 | |
GitLab GitLab | >10.2.0<=10.2.5 | |
GitLab GitLab | >=10.2.0<=10.2.5 | |
GitLab GitLab | >10.3.0<=10.3.3 | |
GitLab GitLab | >=10.3.0<=10.3.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.