Main Vulnerability Database Vulnerabilities #VU25040

#VU25040 Improper access control in GitLab Enterprise Edition - CVE-2020-7968

Published: February 7, 2020

Vulnerability identifier: #VU25040

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-7968

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to the authorization checks were not being applied in some cases for public repositories with merge request visibility set to members only. A remote attacker can disclose the Forked Private Project Source Code.

Remediation

Install update from vendor's website.

External links

https://about.gitlab.com/blog/categories/releases/
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/

#VU25040 Improper access control in GitLab Enterprise Edition - CVE-2020-7968

Description

Remediation

External links

Please verify you're human