Allele Security Alert
Guest users of private projects have access to releases
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
Affects GitLab CE/EE 11.7 and later
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.9.4
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.8.6
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.7.10
Proof of concept
An authorization issue was discovered in the GitLab Releases feature that could allow guest users to access private information such as release details.
GitLab Security Release: 11.9.4, 11.8.6, and 11.7.10
Last modified: April 24, 2019