CVE-2022-1545

Summary

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.2, <14.8.6affected
GitLabGitLab>=14.9, <14.9.4affected
GitLabGitLab>=14.10, <14.10.1affected

Weaknesses

  • Improper authorization in GitLab

ADP Enrichment

CVE Program Container

Additional References

References