64 matches found
GitLab Authorization Issue Vulnerability
GitLab is a self-hosted Git version control and project repository application, developed in Ruby on Rails, from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab CE/...
UBUNTU-CVE-2020-13334
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a GraphQL mutation query...
PT-2020-13475 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 13.2.10; GitLab versions prior to 13.3.7; GitLab versions prior to 13.4.2. Description: The issue is related to improper authorization checks in GitLab, allowing a non-member of a project or group to modify the...
New Relic: Restricted user can update Apdex target for applications by leveraging the GraphQL mutation
Hey team, I've found that a Restricted user can update the Apdex target for applications by leveraging the GraphQL mutation which doesn't properly implement authorization. Steps to reproduce: 1. Sign in to NR with a Restricted user. 2. Navigate to https://api.newrelic.com/graphiql, intercept the request to...