An improper access control issue in GitLab EE affecting all versions from 12.0 before 15.0.5, 15.1 before 15.1.4, and 15.2 before 15.2.1 allows an malicious user to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |
||
gitlab gitlab 15.2 |