CVE-2022-1417: 
GitLab vulnerability analysis and mitigation

CVE-2022-1417 is a security vulnerability affecting GitLab CE/EE versions starting from 8.12 before 14.8.6, versions from 14.9 before 14.9.4, and versions from 14.10 before 14.10.1. The vulnerability was discovered and reported on January 10, 2021, and was publicly disclosed in May 2022 (GitLab Issue).

The vulnerability is classified as an improper access control issue (CWE-863) that allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs. The vulnerability has a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability allows unauthorized users to bypass access controls and read private Wiki contents of GitLab projects that are configured to be accessible only to project members. This creates a potential data leak where confidential documentation and information stored in project wikis could be exposed to unauthorized individuals (GitLab Issue).

The vulnerability has been fixed in GitLab versions 14.8.6, 14.9.4, and 14.10.1. Users are advised to upgrade to these or later versions to protect against this vulnerability (NVD).