CVE-2022-2512

MEDIUM

GitLab CE/EE <15.0.5-15.2.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.

References (2)

Core 2
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/365742

Scores

CVSS v3 6.5
EPSS 0.0012
EPSS Percentile 31.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (2)
gitlab/gitlab 15.2 (2 CPE variants)
gitlab/gitlab 15.0.0 - 15.0.5 (2 CPE variants)
Published Aug 05, 2022
Tracked Since Feb 18, 2026