Improper Authorization Checks in GitLab Allow Unauthorized Confidentiality Attribute Modification via GraphQL

CVE-2020-13334 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query.
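One way to check an inventory of GitLab instances against the fixed releases named above (an added example, not GitLab's code or tooling). It assumes the three versions are the per-branch fixes for 13.2, 13.3 and 13.4, that branches newer than 13.4 include the fix, and that older branches count as "prior to 13.2.10"; the function names and inventory are hypothetical.

```python
import re

# Fixed releases from the advisory text, keyed by (major, minor) branch.
# Assumption: each listed version is the first fixed patch on its branch.
FIXED_PATCH = {(13, 2): 10, (13, 3): 7, (13, 4): 2}
OLDEST_FIXED_BRANCH = min(FIXED_PATCH)


def parse_version(text):
    """Parse 'v13.3.6-ee' style strings into an integer (major, minor, patch)."""
    match = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(version_text):
    """Return True if the version predates the fix for CVE-2020-13334."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        # Integer comparison: a string compare would rank "13.2.9" above "13.2.10".
        return patch < FIXED_PATCH[branch]
    # Assumption: branches before 13.2 never received the fix,
    # branches after 13.4 shipped with it.
    return branch < OLDEST_FIXED_BRANCH


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(host for host, version in inventory.items() if is_affected(version))


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "gitlab-a.example": "13.2.9-ee",
    "gitlab-b.example": "13.2.10",
    "gitlab-c.example": "13.3.6",
    "gitlab-d.example": "13.4.2-ee",
    "gitlab-e.example": "12.10.14",
    "gitlab-f.example": "13.5.0",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required ({SAMPLE_INVENTORY[host]})")
```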