CVE-2021-22172 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. The issue is fixed in versions 13.8.2, 13.7.6 and 13.6.6.
Group Package Affected Fixed Severity Status Ticket
AVG-1521 gitlab 13.8.1-1 13.8.2-1 Medium Fixed
Date Advisory Group Package Severity Type
06 Feb 2021 ASA-202102-11 AVG-1521 gitlab Medium information disclosure
References
https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/#guest-user-can-see-tag-names-in-private-projects
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/41b1c0469dba622a1c2c67c17f1f5e491573accf