Lucene search

K

[email protected]NVD:CVE-2022-4037

HistoryJan 12, 2023 - 4:15 a.m.

CVE-2022-4037

2023-01-1204:15:09

CWE-362

[email protected]

web.nvd.nist.gov

2

gitlab

vulnerability

oauth

forgery

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider.

Affected configurations

NVD

Node

gitlabgitlabRange<15.5.7community

OR

gitlabgitlabRange<15.5.7enterprise

OR

gitlabgitlabRange15.6.0–15.6.4community

OR

gitlabgitlabRange15.6.0–15.6.4enterprise

OR

gitlabgitlabRange15.7.0–15.7.2community

OR

gitlabgitlabRange15.7.0–15.7.2enterprise

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4037.json

gitlab.com/gitlab-org/gitlab/-/issues/382957

hackerone.com/reports/1772543

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

Related for NVD:CVE-2022-4037

nessus3 cve1 debiancve1 osv2 ubuntucve1 prion1 veracode1 cvelist1 freebsd1