Unauthorized Access to Group Runner Settings

Unauthorized Access to Group Runner Settings

CVE-2019-15721 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.

Learn more about our Internal Network Penetration Testing.