CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile: 22.7%
Incorrect authorization during display of Audit Events in GitLab EE
affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and
15.5 prior to 15.5.2, allowed Developers to view the project’s Audit Events
and Developers or Maintainers to view the group’s Audit Events. These
should have been restricted to Project Maintainers, Group Owners, and
above.