GitLab::API::v4 through 0.26 does not verify TLS...
Moderate severity
Unreviewed
Published
Apr 29, 2023
to the GitHub Advisory Database
•
Updated Apr 4, 2024
Description
Published by the National Vulnerability Database
Apr 29, 2023
Published to the GitHub Advisory Database
Apr 29, 2023
Last updated
Apr 4, 2024
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
References