Lucene search

K

[email protected]NVD:CVE-2022-3482

HistoryJan 26, 2023 - 9:15 p.m.

CVE-2022-3482

2023-01-2621:15:51

CWE-862

[email protected]

web.nvd.nist.gov

1

gitlab

access control

security issue

unauthorized user

version 11.3

version 15.5.2

release names

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only

Affected configurations

NVD

Node

gitlabgitlabRange11.3.0–15.4.6community

OR

gitlabgitlabRange11.3.0–15.4.6enterprise

OR

gitlabgitlabRange15.5.0–15.5.5community

OR

gitlabgitlabRange15.5.0–15.5.5enterprise

OR

gitlabgitlabMatch15.6.0community

OR

gitlabgitlabMatch15.6.0enterprise

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json

gitlab.com/gitlab-org/gitlab/-/issues/377802

hackerone.com/reports/1725841

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.7%

Related for NVD:CVE-2022-3482

prion1 cve1 osv2 cvelist1 veracode1 debiancve1 ubuntucve1 nessus2 freebsd1