[ASA-202102-11] gitlab: information disclosure
rgacogne at archlinux.org
Fri Feb 12 07:05:43 UTC 2021
Arch Linux Security Advisory ASA-202102-11
Date : 2021-02-06
CVE-ID : CVE-2021-22172
Package : gitlab
Type : information disclosure
Remote : Yes
Link : https://security.archlinux.org/AVG-1521
The package gitlab before version 13.8.2-1 is vulnerable to information
Upgrade to 13.8.2-1.
# pacman -Syu "gitlab>=13.8.2-1"
The problem has been fixed upstream in version 13.8.2.
Improper authorization in GitLab 12.8+ allows a guest user in a private
project to view tag data that should be inaccessible on the releases
page. The issue is fixed in versions 13.8.2, 13.7.6 and 13.6.6.
A guest user can view tag data that should be inaccessible on the
releases page of a private project.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 840 bytes
Desc: OpenPGP digital signature
More information about the arch-security