Vulnerability Description
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gitlab | Gitlab | >= 12.5.0, < 14.10.5 |
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2281.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/271172Broken Link
- https://hackerone.com/reports/1012659Permissions RequiredThird Party Advisory
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2281.jsonVendor Advisory
- https://gitlab.com/gitlab-org/gitlab/-/issues/271172Broken Link
- https://hackerone.com/reports/1012659Permissions RequiredThird Party Advisory
FAQ
What is CVE-2022-2281?
CVE-2022-2281 is a vulnerability with a CVSS score of 2.6 (LOW). An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group mil...
How severe is CVE-2022-2281?
CVE-2022-2281 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-2281?
Check the references section above for vendor advisories and patch information. Affected products include: Gitlab Gitlab.