Unauthorized Disclosure of Restricted User, Group, and Repository Metadata in GitLab

Unauthorized Disclosure of Restricted User, Group, and Repository Metadata in GitLab

CVE-2019-13005 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An issue was discovered in GitLab Enterprise Edition and Community Edition 1.10 through 12.0.2. The GitLab graphql service was vulnerable to multiple authorization issues that disclosed restricted user, group, and repository metadata to unauthorized users. It has Incorrect Access Control.

Learn more about our User Device Pen Test.