Description

Gitlab allows registering a new user. Therefore, an attacker may interact with Gitlab as an authenticated user.

Remediation

It's recommended to turn off user registration or require administrator approval for new sign ups

References

Sign-up restrictions

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)

Version Disclosure (IIS)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

Apache Tomcat version older than 7.0.32

Redis Unauthorized Access Vulnerability

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration