3 matches found
CVE-2021-39904
An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestion...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability exists due to improper role base access restrictions which allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request...
GitLab CE and EE Incorrect Access Control Vulnerability (CNVD-2020-03844)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE and EE 11.4...