An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-15T00:00:00
Updated: 2024-08-05T10:47:04.910Z
Reserved: 2018-09-25T00:00:00
Link: CVE-2018-17455
NVD
Status: Analyzed
Published: 2023-04-15T23:15:13.637
Modified: 2023-04-25T20:01:07.177
Link: CVE-2018-17455