CVE-2022-2512 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5

CVE-2022-2512

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.

References

Vulnerable Configurations

cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.1:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.0:-:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.0:-:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.4:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.0.4:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.0:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.1.3:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:15.2:*:*:*:community:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

08-08-2023 - 14:22

Published

05-08-2022 - 16:15

Last modified

08-08-2023 - 14:22