albatraoz

2 exploits Active since Apr 2022
CVE-2022-0373 WRITEUP MEDIUM
GitLab CE/EE <14.7.1 - Info Disclosure
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address.
CVSS 4.3
CVE-2023-0805 WRITEUP MEDIUM
GitLab 15.2-15.9.5, 15.10-15.10.4, 15.11 - Missing Authorization for Banned Group Members
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.
CVSS 4.9