Unauthorized Disclosure of Pipeline Status in GitLab CE/EE

Unauthorized Disclosure of Pipeline Status in GitLab CE/EE

CVE-2022-3030 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.

Learn more about our User Device Pen Test.