Improper access control in Gitlab Community Edition and GitLab Enterprise Edition - #VU50848
Published: February 22, 2021
Vulnerability identifier: #VU50848
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: GitLab, Inc
Affected software:
Gitlab Community Edition
GitLab Enterprise Edition
Gitlab Community Edition
GitLab Enterprise Edition
Detailed vulnerability description
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. Demoted project members can access details on authored merge requests.
Remediation
Install updates from vendor's website.