CVE-2017-0920

Published: 22/03/2018 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

GitLab Community and Enterprise Editions prior to 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component that allows a malicious user to see every project name and its respective namespace on a GitLab instance.

Vulnerable Product

gitlab gitlab

Vendor Advisories

Debian Bug report logs - #893905 gitlab: CVE-2018-8801 CVE-2018-8971 Package: gitlab; Maintainer for gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for gitlab is src:gitlab. Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 23 Mar ...
Several vulnerabilities have been discovered in Gitlab, a software platform to collaborate on code:

CVE-2017-0920: It was discovered that missing validation of merge requests allowed users to see names of private projects, resulting in information disclosure.

CVE-2018-8971: It was discovered that the Auth0 integration was implemented ...