CVE-2021-22167 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers within a specific project page allow attackers to have temporary read access to a public repository with project features restricted only to members. The issue is mitigated in GitLab version 13.7.2, 13.6.4, and 13.5.6.
Group Package Affected Fixed Severity Status Ticket
AVG-1416 gitlab 13.7.1-1 13.7.2-1 High Fixed
Date Advisory Group Package Severity Type
12 Jan 2021 ASA-202101-10 AVG-1416 gitlab High multiple issues
References
https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/#unauthorized-user-is-able-to-access-private-repository-information-under-specific-conditions