CVE-2022-1193 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization CWE-286 — Incorrect User Management7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 66.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Gitlab Debian Gitlab +1 more

Timeline

PublishedApr 11

Latest updateDec 8

Description

Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶NVDgitlab/gitlab10.7.0 — 14.7.7+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=10.7, <14.7.7, >=14.8, <14.8.5, >=14.9, <14.9.2+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

f2fs: fix to invalidate dcc->f2fs_issue_discard in error path↗2025-12-08

▶

GHSA

GHSA-p4cp-frqx-5q69: Improper access control in GitLab CE/EE versions 10↗2022-04-12

▶

OSV

CVE-2022-1193: Improper access control in GitLab CE/EE versions 10↗2022-04-11

▶

📋Vendor Advisories

GitLab

CVE-2022-1193: Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obta↗2022-04-11

▶

Debian

CVE-2022-1193: gitlab - Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prio...↗2022

▶

📐Framework References

CWE

Incorrect User Management↗

▶