Improper Access Control Check in GitLab CE/EE Allows Unauthorized Viewing of Deploy Key Information

Improper Access Control Check in GitLab CE/EE Allows Unauthorized Viewing of Deploy Key Information

CVE-2022-2095 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.

Learn more about our Cis Benchmark Audit For Print Devices.