The host is installed with GitLab CE/EE 13.7 before 14.10.5, 15.0 before 15.0.4 or 15.1 before 15.1.1 and is prone to an incorrect authorization vulnerability. A flaw is present in the application, which fails to properly handle issues in unspecified vectors. Successful exploitation could allows attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.