CVE-2019-16377: Incorrect Authorization
When a controller has multiple power directives, the :only and :except options of the last directive are applied to all directives. This can lead to unauthenticated access to certain controller actions.
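A simplified Ruby model of the behaviour described above, added here as an illustration and not taken from the affected library. The directive hashes, the power names (signed_in, admin) and all helper functions are constructed assumptions; the code lists the actions that lose a check when the last directive's options are applied to every directive.

```ruby
# Simplified model of the flaw described in the advisory; not the library's code.
# A directive is a hash: { power: :name, only: [...], except: [...] } (constructed shape).

# Does a filter scoped by these options run for the given action?
def applies?(opts, action)
  return false if opts[:only] && !opts[:only].include?(action)
  return false if opts[:except] && opts[:except].include?(action)
  true
end

# Intended semantics: each directive is scoped by its own :only/:except.
def checks_intended(directives, action)
  directives.select { |d| applies?(d, action) }.map { |d| d[:power] }
end

# Flawed semantics: the last directive's :only/:except are applied
# to every directive in the controller.
def checks_flawed(directives, action)
  last = directives.last || {}
  scope = { only: last[:only], except: last[:except] }
  directives.select { applies?(scope, action) }.map { |d| d[:power] }
end

# Actions that lose at least one check under the flawed semantics.
def lost_checks(directives, actions)
  actions.each_with_object({}) do |action, out|
    missing = checks_intended(directives, action) - checks_flawed(directives, action)
    out[action] = missing unless missing.empty?
  end
end

# Constructed controller: two directives, the second scoped to :destroy.
DIRECTIVES = [
  { power: :signed_in },                # meant to guard every action
  { power: :admin, only: [:destroy] }   # meant to guard :destroy only
].freeze
ACTIONS = %i[index show destroy].freeze

if __FILE__ == $PROGRAM_NAME
  lost_checks(DIRECTIVES, ACTIONS).each do |action, powers|
    puts "#{action}: missing #{powers.join(', ')}"
  end
end
```

In this constructed controller, index and show lose the signed_in check because the second directive's :only scope is applied to the first directive as well.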
References