Christoph Hartmann

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise version 12.0.0-pre Description: The issue allows authenticated remote attackers to read Docker registries of other groups. This occurs when a legitimate user changes the path of a group, and the Docker registries are not adapted, leaving them in the old namespace and making them available to all other users with no previous access to the repository. Recommendations: For GitLab Enterprise version 12.0.0-pre, consider restricting access to the Docker registries until a patch is available to prevent unauthorized access. As a temporary workaround, avoid changing the path of a group to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.