First published: Tue Jan 24 2023
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=11.3.0<15.4.6 | |
GitLab GitLab | >=15.5.0<15.5.5 | |
GitLab GitLab | =15.6.0 | |
The severity of CVE-2022-3482 is medium.
CVE-2022-3482 allows an unauthorized user to see release names even when releases are set to be restricted to project members only.
CVE-2022-3482 affects all versions of GitLab CE/EE from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2.
Yes, GitLab has released a fix for CVE-2022-3482. Users should update to version 15.3.5, 15.4.4, or 15.5.2 or later to mitigate the vulnerability.
You can find more information about CVE-2022-3482 on the GitLab website and HackerOne.