Allele Security Alert
Group Runner Registration Token Exposure
GitLab Enterprise Edition (EE)
GitLab EE 10.4 and later
GitLab Enterprise Edition (EE) 11.9.7
GitLab Enterprise Edition (EE) 11.8.7
GitLab Enterprise Edition (EE) 11.7.11
Proof of concept
The GitLab groups API had an information disclosure vulnerability that exposed group runner registration tokens to unauthorized users.
GitLab Critical Security Release: 11.9.7, 11.8.7, and 11.7.11
Last modified: April 24, 2019