Lucene search

GoogleOSV:BIT-GITLAB-2022-4167

HistoryMar 06, 2024 - 11:13 a.m.

BIT-gitlab-2022-4167

2024-03-0611:13:23

Google

osv.dev

gitlab

authorization

security flaw

group access tokens

software vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

57.0%

JSON

Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

References

gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json

gitlab.com/gitlab-org/gitlab/-/issues/367740

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

57.0%

JSON

Related for OSV:BIT-GITLAB-2022-4167