CVE-2022-2229

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
2
PROJECTS

Description

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.

gitlab-org/cves
gitlab-org/cves
This project hosts the CVEs that have been assigned by GitLab in its role as a CNA. See https://about.gitlab.com/security/cve/ for more information
GitLabGitLab
22
gitlab-org/gitlab
gitlab-org/gitlab
GitLab is the open-source DevSecOps platform that provides a complete software development lifecycle toolchain including source control, CI/CD, security scanning, and project management in a single application.
GitLabGitLab
6.06K