Security Advisory

CVE-2017-0920

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-03-22 15:00:00

Last updated 2024-08-05 13:25:16

Assigner hackerone

State PUBLISHED

Description

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.

← Browse all CVEs View on cve.org ↗