4.3

CVE-2022-3030

An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version < 15.1.6
GitlabGitLab SwEditionenterprise Version < 15.1.6
GitlabGitLab SwEditioncommunity Version >= 15.2 < 15.2.4
GitlabGitLab SwEditionenterprise Version >= 15.2 < 15.2.4
GitlabGitLab SwEditioncommunity Version >= 15.3 < 15.3.2
GitlabGitLab SwEditionenterprise Version >= 15.3 < 15.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.423
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/37959
Third Party Advisory
Broken Link
https://hackerone.com/reports/749882
Third Party Advisory
Permissions Required