PT-2022-13118 · Gitlab · Gitlab
Ashish_R_Padelkar · Published 2022-03-28 · Updated 2024-03-06 · CVE-2022-0344
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab versions 10.0 through 14.5.4
GitLab versions 10.1 through 14.6.4
GitLab versions 10.2 through 14.7.1
Description
An issue in GitLab allows private project paths to be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project.
Recommendations
For versions 10.0 through 14.5.4, update to version 14.5.4 or later to resolve the issue.
For versions 10.1 through 14.6.4, update to version 14.6.4 or later to resolve the issue.
For versions 10.2 through 14.7.1, update to version 14.7.1 or later to resolve the issue.
Affected Products
Gitlab