An issue was discovered in GitLab Community and Enterprise Edition 10.8 through 12.2.1. An internal endpoint unintentionally allowed group maintainers to view and edit group runner settings.
2019-09-16T17:15:13.387
2024-11-21T04:29:19.767
Modified
CVSSv3.1: 5.4 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:P/A:N
8.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gitlab | gitlab | < 12.0.8 | Yes |
| Application | gitlab | gitlab | < 12.0.8 | Yes |
| Application | gitlab | gitlab | < 12.1.8 | Yes |
| Application | gitlab | gitlab | < 12.1.8 | Yes |
| Application | gitlab | gitlab | < 12.2.3 | Yes |
| Application | gitlab | gitlab | < 12.2.3 | Yes |