CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
Improper authorization in global search in GitLab EE affecting all versions
from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to
17.1.1 allows an attacker leak content of a private repository in a public
project.
Author | Note |
---|---|
alexmurray | Only affectes GitLab Enterprise Edition, so gitlab in Ubuntu is not affected |