Note:
This project will be discontinued after December 13, 2021. [more]
2019-12-18
An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled.
Products | Gitlab |
Type | Information Exposure (CWE-200) |
First patch | - None (likely due to unavailable code) |
Links | https://hackerone.com/reports/676976 |