What the vulnerability does

01 Description

An insecure direct object reference (IDOR) in GitLab Community Edition (CE) and Enterprise Edition (EE) versions before 12.3.2, 12.2.6, and 12.1.12 allowed a project owner or maintainer to see the members of any private group via merge request approval rules.

Key dates

02 Disclosure timeline

January 28, 2020: CVE published
August 5, 2024: Record updated