CVE-2022-4167

EPSS 0.14%
Veröffentlicht 12.01.2023 04:15:10
Zuletzt bearbeitet 08.04.2025 17:15:33
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditionenterprise Version >= 13.11.0 < 15.5.7

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.6.0 < 15.6.4

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.7.0 < 15.7.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.341

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve@gitlab.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4167.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/367740

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-4167

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4167

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4167

EUVD