Unauthorized Access to Content via Parameter Tampering in GitLab Upload Feature

Unauthorized Access to Content via Parameter Tampering in GitLab Upload Feature

CVE-2020-10955 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.

Learn more about our User Device Pen Test.