CVE-2022-0152Missing Authorization in Gitlab

CWE-862Missing Authorization5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 64.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedJan 18
Latest updateJan 19

Description

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to unauthorized access to some particular fields through the GraphQL API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDgitlab/gitlab13.1014.4.5+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=13.10, <14.4.5, >=14.5, <14.5.3, >=14.6, <14.6.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-wggh-9jhq-9h7x: An issue has been discovered in GitLab affecting all versions starting from 132022-01-19
OSV
CVE-2022-0152: An issue has been discovered in GitLab affecting all versions starting from 132022-01-18

📋Vendor Advisories

2
GitLab
CVE-2022-0152: An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all2022-01-18
Debian
CVE-2022-0152: gitlab - An issue has been discovered in GitLab affecting all versions starting from 13.1...2022