CVE-2022-0172

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.3 and later

Description An issue has been discovered in GitLab CE/EE, where under certain conditions, it was possible to bypass the IP restriction for public projects through GraphQL. This allowed unauthorized users to read titles of issues, merge requests, and milestones.

Recommendations For versions 12.3 and later, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to GraphQL endpoints for public projects until a patch is available.