According to its self-reported version, the instance of GitLab running on the remote web server is 7.7.x prior to 14.4.5, 14.5.0 prior to 14.5.3, or 14.6.0 prior to 14.6.2. It is, therefore, affected by a Cross-Site request forgery attack that would allow a malicious user to have their GitHub project imported on another GitLab user account.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More