Note:
This project will be discontinued after December 13, 2021. [more]
2020-03-13
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user.
Products | Gitlab |
Type | Incorrect Authorization (CWE-863) |
First patch | - None (likely due to unavailable code) |
Links |
• https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html
• https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ |