Improper Input Validation in GitLab Community and Enterprise Edition: Creating Internal Projects in Private Groups Leads to Permission Issues

Improper Input Validation in GitLab Community and Enterprise Edition: Creating Internal Projects in Private Groups Leads to Permission Issues

CVE-2019-12433 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues.

Learn more about our Internal Network Penetration Testing.