Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hd2f-p7zx-vqcp

Summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.

Aliases

alias	CVE-2022-2512

Fixed_packages

url	pkg:alpm/archlinux/gitlab@15.2.1-1
purl	pkg:alpm/archlinux/gitlab@15.2.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/gitlab@15.2.0-1

purl pkg:alpm/archlinux/gitlab@15.2.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t9u-drzk-5ffz

vulnerability	VCID-3szm-mdpf-6ua7

vulnerability	VCID-92x8-rmhg-zuh6

vulnerability	VCID-9cvy-mzhc-ukhu

vulnerability	VCID-hd2f-p7zx-vqcp

vulnerability	VCID-hfyr-23g4-y7e5

vulnerability	VCID-mbnw-5r9b-mybe

vulnerability	VCID-mrtq-9dj4-a7bf

vulnerability	VCID-tv9d-9wvu-rfdg

vulnerability	VCID-tzw9-uffa-9ycy

vulnerability	VCID-wyff-62y3-9qdq

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.0-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2512

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31331
published_at	2026-04-24T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31655
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31699
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31517
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.3157
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.316
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31605
published_at	2026-04-11T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31563
published_at	2026-04-12T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31526
published_at	2026-04-13T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31559
published_at	2026-04-16T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31537
published_at	2026-04-18T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31504
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2512

reference_url

https://security.archlinux.org/AVG-2785

reference_id

AVG-2785

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2785

Weaknesses

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd2f-p7zx-vqcp

Vulnerability Instance