An issue exists in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x prior to 11.5.9, 11.6.x prior to 11.6.7, and 11.7.x prior to 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |