CVE-2022-3067

An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
References
Link Resource
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3067.json Third Party Advisory
https://hackerone.com/reports/1685822 Permissions Required Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/372165 Broken Link Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Information

Published : 2022-10-17 04:15

Updated : 2022-10-19 03:07


NVD link : CVE-2022-3067

Mitre link : CVE-2022-3067

Products Affected
No products.