2022-08-05 15:12:59
GitLab
PUBLISHED
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public projects Deploy Keys public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.