Gitlab · Gitlab Ce/Ee · CVE-2019-12433
Name of the Vulnerable Software and Affected Versions:
GitLab Community and Enterprise Edition versions 11.7 through 11.11
Description:
The issue is related to improper input validation, allowing the creation of internal projects in private groups with restricted visibility settings. This leads to multiple permission issues.
Recommendations:
For GitLab Community and Enterprise Edition versions 11.7 through 11.11, consider restricting the creation of internal projects in private groups until a fix is available.
As a temporary workaround, review and adjust the visibility settings of existing internal projects in private groups to minimize permission issues.
Restrict access to sensitive data within these projects to prevent unauthorized access.