Due to an insecure direct object reference (IDOR) vulnerability in GitLab EE/CE affecting all versions from 11.0 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1, an endpoint may reveal the title of an issue to a user who crafts an API call with the ID of that issue, when the issue belongs to a public project that restricts access to issues to project members only.
Vulnerable Product |
---|
gitlab gitlab 14.10.0 |
gitlab gitlab |