An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 before 14.10.5, 15.0 before 15.0.4, and 15.1 before 15.1.1 allows an malicious user to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab 15.1.0 |
||
gitlab gitlab |