Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed for project non-members to retrieve issue details when it was linked to an item from the vulnerability dashboard.
https://hackerone.com/reports/1179733
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0390.json
https://gitlab.com/gitlab-org/gitlab/-/issues/330030
Source: Mitre, NVD
Published: 2022-04-01
Updated: 2024-11-21
Base Score: 2.1
Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N
Severity: Low
Base Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: Medium
EPSS: 0.00049