PT-2022-4618 · GitLab · GitLab CE/EE
Yvvdwf · Published 2022-08-30 · Updated 2025-05-13 · CVE-2022-2630
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 15.2 through 15.2.3
GitLab CE/EE versions 15.3 through 15.3.1
Description
An improper access control issue in GitLab allows confidential information to be disclosed via Incident timeline events. Internal data is not adequately protected, so a remote attacker with low privileges (PR:L in the vector above) can gain unauthorized access to protected information.
Recommendations
For GitLab CE/EE versions 15.2 through 15.2.3, update to version 15.2.4 or later.
For GitLab CE/EE versions 15.3 through 15.3.1, update to version 15.3.2 or later.
Exploit
Fix
Improper Access Control
Information Disclosure
Related Identifiers
Affected Products
GitLab
GitLab CE/EE