Improper Permission Settings in GitLab Community and Enterprise Edition Allows Unauthorized Access to Uploaded Files

Improper Permission Settings in GitLab Community and Enterprise Edition Allows Unauthorized Access to Uploaded Files

CVE-2019-13009 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

An issue was discovered in GitLab Community and Enterprise Edition 9.2 through 12.0.2. Uploaded files associated with unsaved personal snippets were accessible to unauthorized users due to improper permission settings. It has Incorrect Access Control.

Learn more about our User Device Pen Test.