GitLab CE/EE Information Disclosure Vulnerability in Inaccessible Issues

A vulnerability allowing authenticated users to disclose confidential issue titles has been identified in GitLab Community Edition (CE) and Enterprise Edition (EE). This issue affects all versions from 12.6 prior to 18.7.6, 18.8 prior to 18.8.6, and 18.9 prior to 18.9.2. The vulnerability arises from improper filtering under certain circumstances, which could have allowed users to access sensitive information from issues that were not publicly accessible.

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of confidential issue titles, potentially revealing sensitive information to users who should not have access to it.

Remediation

Users are strongly advised to upgrade to GitLab versions 18.9.2, 18.8.6, or 18.7.6. Instructions for updating GitLab can be found on the GitLab Update page. For GitLab Runner, refer to the Updating the Runner page.