Vulnerability in GitLab Allows Unauthorized Deletion of Issues and Merge Requests
CVE-2016-9469
Key Information:
What is CVE-2016-9469?
Multiple versions of GitLab have a vulnerability that permits authenticated users, and potentially unauthenticated users on publicly available projects, to delete all Issue and MergeRequest objects. This flaw poses significant risks to the integrity of GitLab projects. Affected versions of GitLab include those up to 8.14.2. Key updates addressing this issue were released on December 5, 2016, and users are urged to update to specified patched versions.
Affected Version(s)
GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1