First published: Mon Apr 04 2022
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=13.11.0 <14.7.7 | |
GitLab GitLab | >=14.8.0 <14.8.5 | |
GitLab GitLab | >=14.9.0 <14.9.2 | |
The vulnerability ID is CVE-2022-1105.
The severity of CVE-2022-1105 is medium with a score of 4.3.
All versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 are affected.
The vulnerability allows an unauthorized user to access pipeline analytics even when public pipelines are disabled.
Yes, GitLab has released fixes for this vulnerability in versions 14.7.7, 14.8.5, and 14.9.2.