Ubuntu.comUB:CVE-2022-4037CVE-2022-4037
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
72.7%
An issue has been discovered in GitLab CE/EE affecting all versions before
15.5.7, all versions starting from 15.6 before 15.6.4, all versions
starting from 15.7 before 15.7.2. A race condition can lead to verified
email forgery and takeover of third-party accounts when using GitLab as an
OAuth provider.
References
Related
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
0.004 Low
EPSS
Percentile
72.7%