Unauthorized Access to Repositories via Mirroring Feature in GitLab Enterprise Edition (EE)

CVE-2017-11437 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, and 9.3.8 allows an authenticated user with the ability to create a project to use the mirroring feature to potentially read repositories belonging to other users.
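To triage an inventory against the fixed releases listed above, the following added example (not part of the original advisory or GitLab's code) classifies GitLab EE version strings per release branch. It assumes that branches newer than 9.3 carry the fix and that a release candidate of a fixed patch predates the fix; the host names and versions in the sample inventory are constructed.

```python
import re

# Fixed releases from the advisory text, keyed by (major, minor) release branch.
FIXED_PATCH = {(8, 17): 7, (9, 0): 11, (9, 1): 8, (9, 2): 8, (9, 3): 8}
OLDEST, NEWEST = min(FIXED_PATCH), max(FIXED_PATCH)

def parse_version(text):
    """Parse strings such as '9.1.7-ee', 'v8.17.7' or '9.3.8-rc1-ee'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)([-.+].*)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    prerelease = bool(re.search(r"rc|pre|beta", m.group(4) or "", re.I))
    return (major, minor), patch, prerelease

def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for a GitLab EE version string."""
    branch, patch, prerelease = parse_version(text)
    if branch in FIXED_PATCH:
        fixed = FIXED_PATCH[branch]
        # Assumption: a release candidate of the fixed patch predates the fix.
        if patch < fixed or (patch == fixed and prerelease):
            return "affected"
        return "fixed"
    if branch < OLDEST:
        return "affected"   # everything before 8.17.7
    if branch > NEWEST:
        return "fixed"      # assumption: later branches carry the fix
    return "unknown"        # branch not named in the advisory; check manually

def hosts_needing_action(inventory):
    """Return the sorted host names whose version is not confirmed fixed."""
    return sorted(h for h, v in inventory.items() if classify(v) != "fixed")

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "git-a.example.internal": "9.1.7-ee",
    "git-b.example.internal": "9.1.8-ee",
    "git-c.example.internal": "8.16.9-ee",
    "git-d.example.internal": "9.3.8-rc1-ee",
    "git-e.example.internal": "9.4.0-ee",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host:26} {version:14} {classify(version)}")
```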
