CVE-2022-3482: 
GitLab vulnerability analysis and mitigation

An improper access control vulnerability (CVE-2022-3482) was discovered in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. The vulnerability allowed unauthorized users to view release names in public projects even when releases were configured to be restricted to project members only (GitLab Security, CVE Mitre).

The vulnerability was classified as a medium severity issue with a CVSS v3.1 score of 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). The issue stemmed from improper access control implementation where the tag page in public projects would disclose release names, bypassing the intended access restrictions (GitLab Security).

The vulnerability allowed unauthorized users to view release names through the project's tags page, even when the releases were explicitly configured to be visible only to project members. While the full release details remained protected, the names of releases were exposed, potentially revealing sensitive information about project versioning or internal naming conventions (GitLab Issue).

The vulnerability was patched in GitLab versions 15.3.5, 15.4.4, and 15.5.2. Organizations running affected versions should upgrade to the patched versions immediately. GitLab.com was promptly updated with the security fix (GitLab Security).

The vulnerability was responsibly disclosed through GitLab's HackerOne bug bounty program by security researcher ashishrpadelkar. GitLab addressed the issue in their security release and publicly acknowledged the researcher's contribution (GitLab Security).