2 matches found
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to...
Privelege Escalation:- User having no permission is able to access logs of all private branches via ViewError Endpoint
h3. Issue Summary It has been observed that user having no permission is able to access error logs of all private branches which reveals the information related to project,agent,build etc. Bug Bounty report:...