4.3

CVE-2022-3030

An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitlab SwEditioncommunity Version < 15.1.6
GitlabGitlab SwEditionenterprise Version < 15.1.6
GitlabGitlab SwEditioncommunity Version >= 15.2 < 15.2.4
GitlabGitlab SwEditionenterprise Version >= 15.2 < 15.2.4
GitlabGitlab SwEditioncommunity Version >= 15.3 < 15.3.2
GitlabGitlab SwEditionenterprise Version >= 15.3 < 15.3.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.519
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://gitlab.com/gitlab-org/gitlab/-/issues/37959
Third Party Advisory
Broken Link
https://hackerone.com/reports/749882
Third Party Advisory
Permissions Required