CVE-2022-2229

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.7 through 14.10.4 GitLab CE/EE versions 15.0 through 15.0.3 GitLab CE/EE versions 15.1 through 15.1.0

Description An improper authorization issue in GitLab CE/EE allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.

Recommendations For versions 13.7 through 14.10.4, update to version 14.10.5 or later. For versions 15.0 through 15.0.3, update to version 15.0.4 or later. For versions 15.1 through 15.1.0, update to version 15.1.1 or later.