An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature.
History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-15T00:00:00

Updated: 2024-08-05T10:47:04.910Z

Reserved: 2018-09-25T00:00:00

Link: CVE-2018-17455

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2023-04-15T23:15:13.637

Modified: 2023-04-25T20:01:07.177

Link: CVE-2018-17455

Redhat

No data.