Vulnerabilities > CVE-2020-6832 - Unspecified vulnerability in Gitlab
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects.
Vulnerable Configurations
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_F929B172369E11EA9CDB001B217B3468.NASL |
description | Gitlab reports : Private objects exposed through project importi |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 132880 |
published | 2020-01-15 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/132880 |
title | FreeBSD : Gitlab -- Private objects exposed through project import (f929b172-369e-11ea-9cdb-001b217b3468) |
References
- https://about.gitlab.com/blog/categories/releases/
- https://about.gitlab.com/blog/categories/releases/
- https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/
- https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/