#VU45758 Improper Authorization in GitLab Community Edition and GitLab Enterprise Edition
Published: August 18, 2020 / Updated: August 19, 2020
Vulnerability identifier: #VU45758
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
GitLab Community Edition
GitLab Enterprise Edition
Software vendor:
GitLab, Inc
Description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper authorization checks when handling deploy tokens, which allowed read access to public projects with restricted repositories.
Remediation
Install updates from the vendor's website.