Unauthorized Access to Pipeline Information in GitLab CE/EE Versions 13.12 and above


CVE-2021-22248 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Improper authorization on the pipelines page in GitLab CE/EE, affecting all versions since 13.12, allowed unauthorized users to view some pipeline information for public projects that have access to pipelines restricted to members only.
