CVE-2022-1124
Published 2022-05-11
CVE-2022-1124: An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and…
Priority P4 · 22 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.69% (48.1th percentile)
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | < 14.8.6 | 14.8.6 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 14.9.0 < 14.9.4 | 14.9.4 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
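| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
| vendor_debian | | 4.3 | MEDIUM | |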
GHSA
GHSA-fcmm-jq9f-cc5p: An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14
ghsa_unreviewed·2022-05-12
CVE-2022-1124 [MEDIUM] CWE-863 GHSA-fcmm-jq9f-cc5p: An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14
GitLab
CVE-2022-1124: An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4,
vendor_gitlab·2022-05-11·CVSS 4.3
CVE-2022-1124 [MEDIUM] CWE-863 CVE-2022-1124: An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4,
Debian
CVE-2022-1124: gitlab - An improper authorization issue has been discovered in GitLab CE/EE affecting al...
vendor_debian·2022·CVSS 4.3
CVE-2022-1124 [MEDIUM] CVE-2022-1124: gitlab - An improper authorization issue has been discovered in GitLab CE/EE affecting al...
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1124.json
https://gitlab.com/gitlab-org/gitlab/-/issues/323552
https://hackerone.com/reports/1113405
Published: 2022-05-11