An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL.
Reserved 2023-09-21 | Published 2024-12-25 | Updated 2024-12-26 | Assigner GitLab
CWE-213: Exposure of Sensitive Information Due to Incompatible Policies
This issue was reported internally by team member [Greg Myers](https://gitlab.com/greg).
gitlab.com/gitlab-org/gitlab/-/issues/398250 (GitLab Issue #398250)