CVE-2021-22172

Summary

Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.8, <13.6.6affected
GitLabGitLab>=13.7.0, <13.7.6affected
GitLabGitLab>=13.8.0, <13.8.2affected

Weaknesses

  • Improper authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References