Incorrect Access Control in GitLab Comments Search with Elasticsearch Integration
CVE-2019-18460 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
An issue was discovered in GitLab Community and Enterprise Edition 8.15 through 12.4 in the Comments Search feature provided by the Elasticsearch integration. It has Incorrect Access Control.
Learn more about our Web Application Penetration Testing UK.