CVE-2022-1417

Summary

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=8.12, <14.8.6affected
GitLabGitLab>=14.9, <14.9.4affected
GitLabGitLab>=14.10, <14.10.1affected

Weaknesses

  • Improper access control in GitLab

ADP Enrichment

CVE Program Container

Additional References

References