Description
GitLab allows new users to register themselves. An attacker may therefore create an account and interact with GitLab as an authenticated user.
Remediation
It is recommended to turn off user registration or to require administrator approval for new sign-ups.
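One way to audit an instance for this finding, as an added example that is not part of the original page or of GitLab's code: it classifies the `signup_enabled` and `require_admin_approval_after_user_signup` attributes returned by GitLab's application settings API and builds the corresponding settings change. The host `gitlab.example.com`, the function names and the sample responses are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

API_PATH = "/api/v4/application/settings"

def fetch_settings(base_url, admin_token):
    """Read instance settings; requires an administrator access token."""
    req = urllib.request.Request(base_url.rstrip("/") + API_PATH,
                                 headers={"PRIVATE-TOKEN": admin_token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def assess_signup(settings):
    """Classify sign-up exposure from a parsed settings response."""
    if "signup_enabled" not in settings:
        return "unknown"            # not a settings response; do not assume safe
    if not settings["signup_enabled"]:
        return "closed"             # registration is turned off
    # The approval key can be absent on older releases; absence means not enforced.
    if settings.get("require_admin_approval_after_user_signup", False):
        return "approval_required"  # accounts stay pending until an admin approves
    return "open"                   # anyone can self-register and sign in

def remediation_request(base_url, disable_signup=True):
    """Build (method, url) for the settings change; nothing is sent."""
    change = ({"signup_enabled": "false"} if disable_signup
              else {"require_admin_approval_after_user_signup": "true"})
    url = base_url.rstrip("/") + API_PATH + "?" + urllib.parse.urlencode(change)
    return "PUT", url

# Constructed sample responses (trimmed to the relevant attributes).
SAMPLES = {
    "open": {"signup_enabled": True,
             "require_admin_approval_after_user_signup": False},
    "older_release": {"signup_enabled": True},
    "approval": {"signup_enabled": True,
                 "require_admin_approval_after_user_signup": True},
    "closed": {"signup_enabled": False},
    "error_body": {"message": "403 Forbidden"},
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name}: {assess_signup(sample)}")
    print(*remediation_request("https://gitlab.example.com"))
```

The `PUT` built by `remediation_request` must be sent with the same administrator token header that `fetch_settings` uses.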