CVE-2017-0920

CVE-2017-0920

Vendor Gitlab
Product GitLab Community and Enterprise Editions
Weakness CWE-639 · IDOR
Published March 22, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance.

Key dates

02Disclosure timeline

March 22, 2018 CVE published
August 5, 2024 Record updated