CVE Vulnerabilities

CVE-2022-1545

Published: May 11, 2022 | Modified: Aug 08, 2023
CVSS 3.x
4.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 14.10.0 14.10.0
Gitlab Gitlab 14.10.0 14.10.0
Gitlab Gitlab 14.9.0 *
Gitlab Gitlab 14.9.0 *
Gitlab Gitlab 13.2.0 *
Gitlab Gitlab 13.2.0 *

References