Unauthorised User Access to Repository Content via Crafted Link in GitLab CE/EE

Unauthorised User Access to Repository Content via Crafted Link in GitLab CE/EE

CVE-2022-2907 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It was possible to read repository content by an unauthorised user if a project member used a crafted link.

Learn more about our User Device Pen Test.