PT-2022-13134 · Gitlab · Gitlab Ce/Ee+1

Albatraoz

·

Published

2022-04-01

·

Updated

2024-03-06

·

CVE-2022-0373

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.4 through 14.7.1
Description The issue is related to improper access control, allowing project non-members to retrieve the service desk email address.
Recommendations For GitLab CE/EE versions 12.4 through 14.7.1, update to a version outside of the affected range to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

BIT-GITLAB-2022-0373
CVE-2022-0373

Affected Products

Gitlab
Gitlab Ce/Ee