Improper Access Control

gitlab is vulnerable to Improper Access Control. The vulnerability allows a project export leak the external webhook token value which allows a attacker to access to the projects...

CVE-2021-39898

In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from...

PT-2021-22744 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.6 and later Description: The issue allows a project export to leak the external webhook token value, potentially granting access to the project it was exported from. Recommendations: For GitLab CE/EE versions 10.6 and...

GitLab Information Disclosure Vulnerability (CNVD-2021-91179)

GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...