It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2022-05-11T14:25:17
Updated: 2024-08-03T00:10:02.897Z
Reserved: 2022-05-01T00:00:00
Link: CVE-2022-1545
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-05-11T15:15:09.180
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-1545
Redhat
No data.