CVE-2020-10686: Incorrect Authorization
(updated )
An attacker could use the ‘remove devices form’ to post different credential IDs and possibly remove MFA devices for other users.
References
Detect and mitigate CVE-2020-10686 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →