Incorrect Access Control in GitLab Comments Search with Elasticsearch Integration

Incorrect Access Control in GitLab Comments Search with Elasticsearch Integration

CVE-2019-18460 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.

Learn more about our Web Application Penetration Testing UK.