CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
34.4%
Severity: Medium
Date : 2021-02-06
CVE-ID : CVE-2021-22172
Package : gitlab
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-1521
The package gitlab before version 13.8.2-1 is vulnerable to information
disclosure.
Upgrade to 13.8.2-1.
The problem has been fixed upstream in version 13.8.2.
None.
Improper authorization in GitLab 12.8+ allows a guest user in a private
project to view tag data that should be inaccessible on the releases
page. The issue is fixed in versions 13.8.2, 13.7.6 and 13.6.6.
A guest user can view tag data that should be inaccessible on the
releases page of a private project.
https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/
https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/#guest-user-can-see-tag-names-in-private-projects
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/41b1c0469dba622a1c2c67c17f1f5e491573accf
https://security.archlinux.org/CVE-2021-22172
about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/
about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/#guest-user-can-see-tag-names-in-private-projects
gitlab.com/gitlab-org/gitlab-foss/-/commit/41b1c0469dba622a1c2c67c17f1f5e491573accf
security.archlinux.org/AVG-1521
security.archlinux.org/CVE-2021-22172
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
34.4%