An Incorrect Access Control (issue 2 of 3) issue exists in GitLab Community and Enterprise Edition 8.14 and later but prior to 11.5.8, 11.6.x prior to 11.6.6, and 11.7.x prior to 11.7.1. Guest users were able to view the list of a group's merge requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |