3 matches found
CVE-2021-22172
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page...
CVE-2021-22172
CVE-2021-22172 arises from improper authorization in GitLab 12.8+ where a guest user in a private project can view tag data on the releases page. The issue is fixed in upstream GitLab releases: 13.6.6, 13.7.6, and 13.8.2. Affected component is GitLab’s releases/tag data access; root cause involve...
[ASA-202102-11] gitlab: information disclosure
Arch Linux Security Advisory ASA-202102-11 ========================================== Severity: Medium Date : 2021-02-06 CVE-ID : CVE-2021-22172 Package : gitlab Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-1521 Summary ======= The package gitlab before...