CVE-2021-22172 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. The issue is fixed in versions 13.8.2, 13.7.6 and 13.6.6.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1521	gitlab	13.8.1-1	13.8.2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
06 Feb 2021	ASA-202102-11	AVG-1521	gitlab	Medium	information disclosure

References
https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/#guest-user-can-see-tag-names-in-private-projects https://gitlab.com/gitlab-org/gitlab-foss/-/commit/41b1c0469dba622a1c2c67c17f1f5e491573accf

References

https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/#guest-user-can-see-tag-names-in-private-projects
https://gitlab.com/gitlab-org/gitlab-foss/-/commit/41b1c0469dba622a1c2c67c17f1f5e491573accf