Main Vulnerability Database Vulnerabilities #VU50848

#VU50848 Improper access control in Gitlab Community Edition and GitLab Enterprise Edition

Published: February 22, 2021

Vulnerability identifier: #VU50848

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. Demoted project members can access details on authored merge requests.

Install updates from vendor's website.