CVE-2024-10925

Guest user can read Security policy YAML in GitLab-EE (GitLab-EE におけるセキュリティポリシー YAMLのアクセス制御不備)

A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML.

Disclosure Date

2024/11/05

Credit

Yuki Osaki

Reference

https://www.cve.org/CVERecord?id=CVE-2022-21158
https://jvn.jp/jp/JVN89524240/
https://github.com/marktext/marktext/releases/tag/v0.17.0

Back

Guest user can read Security policy YAML in GitLab-EE (GitLab-EE におけるセキュリティポリシー YAMLのアクセス制御不備)

Disclosure Date

Credit

Reference

会社情報

サービス紹介

お問い合わせ