Main Vulnerability Database Vulnerabilities #VU25040

Improper access control in GitLab Enterprise Edition - CVE-2020-7968

Published: February 7, 2020

Vulnerability identifier: #VU25040

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-7968

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
GitLab Enterprise Edition

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to the authorization checks were not being applied in some cases for public repositories with merge request visibility set to members only. A remote attacker can disclose the Forked Private Project Source Code.

How to mitigate CVE-2020-7968

Install update from vendor's website.

Sources

https://about.gitlab.com/blog/categories/releases/
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/

Improper access control in GitLab Enterprise Edition - CVE-2020-7968

Detailed vulnerability description

How to mitigate CVE-2020-7968

Sources

Please verify you're human