URL Slug Guessing Vulnerability in GitLab Allows Information Disclosure

CVE-2019-12434 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects by comparing the destination URLs of issues linked in comments. This allows information disclosure.
