7.3

CVE-2022-4331

EPSS 0.14%
Veröffentlicht 09.03.2023 22:15:51
Zuletzt bearbeitet 28.02.2025 18:15:25
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.1 < 15.7.8

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.8 < 15.8.4

Gitlab ≫ Gitlab SwEditionenterprise Version >= 15.9 < 15.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
cve@gitlab.com	5.7	0.5	5.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4331.json

Vendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/385050

Broken Link

https://hackerone.com/reports/1791518

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-4331

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4331

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4331

EUVD