First published: Mon Feb 17 2020(Updated: )
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=12.0.1<12.5.0 | |
GitLab GitLab | =12.0.0 | |
GitLab GitLab | =12.0.0-pre |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.