Description

Gitlab allows registering a new user. Therefore, an attacker may interact with Gitlab as an authenticated user.

Remediation

It's recommended to turn off user registration or require administrator approval for new sign ups

References

Sign-up restrictions

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2158)

CodeIgniter weak encryption key

TLS/SSL certificate key size too small

Weak Secret is Used to Sign JWT

Redis Unauthorized Access Vulnerability

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration