CVE-2021-22193: GitLab
An information disclosure vulnerability (CVE-2021-22193) was discovered in GitLab affecting all versions starting from 7.1. The vulnerability allowed a member of a private group to validate the existence of a specific name for a private project, potentially leading to unauthorized information disclosure (GitLab Release, NVD).
The vulnerability has been assigned a CVSS v3.1 Base Score of 3.5 (LOW) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N. The issue is classified under CWE-209 (Generation of Error Message Containing Sensitive Information). The vulnerability affects both GitLab Community and Enterprise editions, versions from 7.1.0 up to (excluding) 13.8.2 (NVD).
The vulnerability could allow attackers to determine the existence of private projects within GitLab groups, leading to potential privacy breaches and information disclosure about confidential project names (GitLab Release).
GitLab has addressed this vulnerability in versions 13.8.2, 13.7.6, and 13.6.6. Users are strongly recommended to upgrade to these or later versions immediately to mitigate the security risk (GitLab Release).
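A version triage check built from the affected range and fixed releases listed above, as an added example that is not code from GitLab or from this page. The function names and the host inventory are hypothetical, and it assumes each fixed release covers later patch levels on its own minor branch (13.6.x, 13.7.x, 13.8.x).

```python
import re

# Values taken from the advisory text above.
FIRST_AFFECTED = (7, 1, 0)
FIXED_RELEASES = [(13, 6, 6), (13, 7, 6), (13, 8, 2)]


def parse_version(text):
    """Parse '13.7.5', 'v13.7.5-ee' or '13.8' into (major, minor, patch)."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(text):
    """Return True if the version falls in the range affected by CVE-2021-22193."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return False  # predates the first affected release
    if version >= max(FIXED_RELEASES):
        return False  # at or beyond the newest fixed release
    # Assumption: a fixed release covers later patch levels on its own branch.
    for fix in FIXED_RELEASES:
        if version[:2] == fix[:2]:
            return version < fix
    return True  # older branch with no listed fix


def triage(inventory):
    """Return the sorted host names whose GitLab version still needs the upgrade."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed inventory for illustration; these are not real hosts.
SAMPLE_INVENTORY = {
    "git-a.example": "13.8.1",
    "git-b.example": "13.7.6",
    "git-c.example": "13.6.5-ee",
    "git-d.example": "12.10.14",
    "git-e.example": "13.9.0",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade required for CVE-2021-22193")
```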