Authorization

2020-01-2803:15:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.4%

JSON

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions.

CPENameOperatorVersion
gitlabge12.0.0
gitlablt12.0.4
gitlabge12.1.0
gitlablt12.1.2
gitlabge11.8.0
gitlablt11.11.6

Name	Operator	Version
gitlab	ge	12.0.0
gitlab	lt	12.0.4
gitlab	ge	12.1.0
gitlab	lt	12.1.2
gitlab	ge	11.8.0
gitlab	lt	11.11.6

References

about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/

gitlab.com/gitlab-org/gitlab-ee/issues/11423

hackerone.com/reports/544756