GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.
[
{
"product": "GitLab Community and Enterprise Editions",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": "Versions before 10.1.6, 10.2.6, and 10.3.4"
}
]
}
]