First published: Fri Jul 01 2022(Updated: )
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | <14.10.5 | |
GitLab GitLab | <14.10.5 | |
GitLab GitLab | >=15.0.0<15.0.4 | |
GitLab GitLab | >=15.0.0<15.0.4 | |
GitLab GitLab | =15.1.0 | |
GitLab GitLab | =15.1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.