CVE Vulnerabilities

CVE-2022-3067

Published: Oct 17, 2022 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects content given the projects ID.

Affected Software

Name Vendor Start Version End Version
Gitlab Gitlab 14.4 (including) 15.2.5 (excluding)
Gitlab Gitlab 15.3 (including) 15.3.4 (excluding)
Gitlab Gitlab 15.4 (including) 15.4.1 (excluding)
Gitlab Ubuntu esm-apps/xenial *
Gitlab Ubuntu trusty *
Gitlab Ubuntu xenial *

References