Unauthorized Access to Content via Parameter Tampering in GitLab Upload Feature
CVE-2020-10955 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
Learn more about our User Device Pen Test.