CVE Vulnerability

CVE-2022-3066

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://hackerone.com/reports/1685105 Permissions Required Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/372149 Broken Link Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Information

Published : 2022-10-17 04:15

Updated : 2022-10-19 02:59

NVD link : CVE-2022-3066

Mitre link : CVE-2022-3066

Products Affected
No products.
CWE
NVD-CWE-noinfo