It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 before 14.8.6, 14.9 before 14.9.4, and 14.10 before 14.10.1 if an unauthorised project member was tagged in the note.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab 14.10.0 |
||
gitlab gitlab |