Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-10
Gitlab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an incorrect access control vulnerability that displays to an unauthorized user the title and namespace of a confidential issue.
Products | Gitlab |
Type | Improper Access Control (CWE-284) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/109179
• https://gitlab.com/gitlab-org/gitlab-ce/issues/52444 • https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/ |