In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
CPE | Name | Operator | Version |
---|---|---|---|
gitlab | eq | 6.6.1 | |
gitlab | eq | 10.6.0.pre | |
gitlab | eq | 10.9.0.pre | |
gitlab | eq | 8.12.0-rc7 | |
gitlab | eq | 8.12.0-rc3 | |
gitlab | eq | 11.3.0.pre | |
gitlab | eq | 6.4.1 | |
gitlab | eq | 6.7.0-ee | |
gitlab | eq | 9.1.0.pre | |
gitlab | eq | 8.12.0-rc2 |