Insecure Direct Object Reference in GitLab Allows Unauthorized Access to Sensitive Information

CVE-2018-17449 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The Events API looked up events by the object identifier supplied in the request without verifying that the caller was authorized to view the referenced project, an insecure direct object reference. A remote, unauthenticated attacker (CVSS PR:N) could therefore obtain sensitive information about issues, comments, and project titles belonging to projects they were not permitted to see. Confidentiality is affected; integrity and availability are not.
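The following is an added illustration of the vulnerability class behind this advisory, not GitLab's own code: a toy "events" endpoint written in Ruby (GitLab's language) that resolves a project straight from the id in the request, placed beside a hardened version that authorizes the requester against that project before returning anything. The `Project`, `Event`, `PROJECTS` and `EVENTS` structures, the `can_read?` rule, and the `leaks?` probe are all constructed here for demonstration and are assumptions about how such an endpoint might be modelled, not GitLab internals.

```ruby
# Added example: model of an IDOR in an "events" endpoint and its fix.
# Everything below (types, sample data, access rule) is constructed for
# illustration and is NOT GitLab's implementation.

Project = Struct.new(:id, :title, :private, :member_ids)
Event   = Struct.new(:project_id, :action, :target_title, :note)

NOT_FOUND = { status: 404 }.freeze

# Constructed sample data: one public project, one private project.
PROJECTS = {
  1 => Project.new(1, "public-site",    false, [10]),
  2 => Project.new(2, "secret-payroll", true,  [20]),
}.freeze

# Constructed sample events; the private project's events carry an issue
# title and a comment, the kind of data the advisory says was exposed.
EVENTS = [
  Event.new(1, "pushed",    "main",                     nil),
  Event.new(2, "opened",    "Issue: SSN export broken", nil),
  Event.new(2, "commented", "Issue: SSN export broken", "see attached dump"),
].freeze

def serialize(event, project)
  { project_title: project.title, action: event.action,
    target_title: event.target_title, note: event.note }
end

# Vulnerable pattern: the project id from the URL is trusted as-is and the
# requester's identity is never consulted before events are returned.
def events_vulnerable(_requester_id, project_id)
  project = PROJECTS[project_id]
  return NOT_FOUND if project.nil?
  body = EVENTS.select { |e| e.project_id == project_id }.map { |e| serialize(e, project) }
  { status: 200, body: body }
end

# Access rule for the toy model: public projects are readable by anyone,
# private projects only by listed members. (Assumption for this example.)
def can_read?(requester_id, project)
  return true unless project.private
  !requester_id.nil? && project.member_ids.include?(requester_id)
end

# Hardened pattern: authorize the requester against the referenced object
# before reading. Unauthorized and non-existent projects both yield 404 so
# the response does not reveal whether a private project id exists.
def events_fixed(requester_id, project_id)
  project = PROJECTS[project_id]
  return NOT_FOUND unless project && can_read?(requester_id, project)
  body = EVENTS.select { |e| e.project_id == project_id }.map { |e| serialize(e, project) }
  { status: 200, body: body }
end

# Minimal IDOR probe a tester would run: call the endpoint anonymously and as
# a legitimate member, and flag a leak if the anonymous caller gets the same
# successful body the member gets.
def leaks?(handler, project_id, member_id)
  anon   = handler.call(nil, project_id)
  member = handler.call(member_id, project_id)
  anon[:status] == 200 && anon[:body] == member[:body]
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable handler leaks private project 2: #{leaks?(method(:events_vulnerable), 2, 20)}"
  puts "fixed handler leaks private project 2:      #{leaks?(method(:events_fixed), 2, 20)}"
end
```

The probe is the check worth carrying over to a real API: take an object id that a privileged account can read, replay the same request with no credentials (or with a second, unrelated account), and diff the responses. A 200 with identical data is the IDOR; the fix is an authorization decision tied to the requester and the specific object on every lookup, not just on the listing endpoint.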
