CVE-2022-2281
LOWGitLab 12.5-14.10.4, 15.0-15.0.3, 15.1 - Information Disclosure via Group Milestone Release Association
Title source: llmDescription
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
References (3)
Core 3
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/271172
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1012659
Vendor Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2281.json
Scores
CVSS v3
2.6
EPSS
0.0021
EPSS Percentile
42.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
gitlab/gitlab
15.1.0
gitlab/gitlab
12.5.0 - 14.10.5
Published
Jul 01, 2022
Tracked Since
Feb 18, 2026