CVE-2021-22200

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an internal repository through a public project fork as an anonymous user.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=12.6, <13.8.7affected
GitLabGitLab>=13.9, <13.9.5affected
GitLabGitLab>=13.10, <13.10.1affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References