Note:
This project will be discontinued after December 13, 2021. [more]
2019-09-16
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. An IDOR in the epic notes API that could result in disclosure of private milestones, labels, and other information.
| Products | Gitlab |
| Type | Information Exposure (CWE-200) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://gitlab.com/gitlab-org/gitlab-ee/issues/11431
• https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/ |