GitLabCVELIST:CVE-2022-2281CVE-2022-2281
2.6 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.5%
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
CNA Affected
[
{
"product": "GitLab",
"vendor": "GitLab",
"versions": [
{
"status": "affected",
"version": ">=12.5, <14.10.5"
},
{
"status": "affected",
"version": ">=15.0, <15.0.4"
},
{
"status": "affected",
"version": ">=15.1, <15.1.1"
}
]
}
]Related
2.6 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
38.5%