Vulnerabilities > CVE-2020-5197 - Incorrect Authorization vulnerability in Gitlab
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_01BDE18A2E0911EAA935001B217B3468.NASL |
description | SO-AND-SO reports : Group Maintainers Can Update/Delete Group Runners Using API GraphQL Queries Can Hang the Application Unauthorized Users Have Access to Milestones of Releases Private Group Name Revealed Through Protected Tags API Users Can Publish Reviews on Locked Merge Requests DoS in the Issue and Commit Comments Pages Project Name Disclosed Through Unsubscribe Link Private Project Name Disclosed Through Notification Settings |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 132665 |
published | 2020-01-06 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/132665 |
title | FreeBSD : Gitlab -- Multiple Vulnerabilities (01bde18a-2e09-11ea-a935-001b217b3468) |