CVE-2022-2512

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-2512
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2512.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2512
Aliases
Related
Published
2022-08-05T16:15:12Z
Modified
2025-01-14T11:10:28.603325Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3b397c1753233301037d0ca3caae23ce116505d3
Fixed
6b3af3293e0cee73719bbfc4a7d9eacc2e3ead54

Affected versions

v15.*

v15.0.0-ee
v15.0.1-ee
v15.0.2-ee
v15.0.3-ee
v15.0.4-ee