CVE-2022-0244 — Files or Directories Accessible to External Parties in Gitlab

CWE-552 — Files or Directories Accessible to External Parties5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 47.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gitlab Gitlab Gitlab CE

Timeline

PublishedJan 18

Latest updateJan 19

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due to incorrect handling of file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶NVDgitlab/gitlab14.5 — 14.5.3+1

▶CVEListV5gitlab/gitlab>=14.5, <14.5.3, >=14.6, <14.6.2+1

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-66vj-p7rx-6jrr: An issue has been discovered in GitLab CE/EE affecting all versions starting with 14↗2022-01-19

▶

OSV

CVE-2022-0244: An issue has been discovered in GitLab CE/EE affecting all versions starting with 14↗2022-01-18

▶

📋Vendor Advisories

GitLab

CVE-2022-0244: An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary file read was possible by importing a group was due↗2022-01-18

▶

Debian

CVE-2022-0244: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting wit...↗2022

▶