5.3

CVE-2022-3482

Exploit

EPSS 0.31%
Veröffentlicht 26.01.2023 21:15:51
Zuletzt bearbeitet 21.11.2024 07:19:37
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditioncommunity Version >= 11.3.0 < 15.4.6

Gitlab ≫ Gitlab SwEditionenterprise Version >= 11.3.0 < 15.4.6

Gitlab ≫ Gitlab SwEditioncommunity Version >= 15.5.0 < 15.5.5

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.5.0 < 15.5.5

Gitlab ≫ Gitlab Version15.6.0 SwEditioncommunity

Gitlab ≫ Gitlab Version15.6.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.538

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cve@gitlab.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3482.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/377802

Vendor Advisory

Exploit

https://hackerone.com/reports/1725841

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-3482

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3482

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3482

EUVD