An issue has been discovered in GitLab affecting all versions starting from 13.2 prior to 16.4.3, all versions starting from 16.5 prior to 16.5.3, all versions starting from 16.6 prior to 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |
||
gitlab gitlab 16.6.0 |