In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
CVSS Score
4.2
EPSS Score
0.003
Published
2020-08-10
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.
CVSS Score
5.3
EPSS Score
0.001
Published
2020-07-07
Page 46