Insecure Direct Object Reference Vulnerability in GitLab EE: Exposing Protected Branch Names
CVE-2021-39889 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API call with the ID of the protected branch.
Learn more about our Api Penetration Testing.