An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed.
2021-05-06T14:15:08.017
2024-11-21T05:49:42.893
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:P/A:N
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | gitlab | gitlab | < 13.9.7 | Yes |
Application | gitlab | gitlab | < 13.9.7 | Yes |
Application | gitlab | gitlab | < 13.10.4 | Yes |
Application | gitlab | gitlab | < 13.10.4 | Yes |
Application | gitlab | gitlab | < 13.11.2 | Yes |
Application | gitlab | gitlab | < 13.11.2 | Yes |