CVE-2022-1963 — Gitlab vulnerability

5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

1.2%

top 21.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJul 1

Latest updateJul 2

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab13.4.0 — 14.10.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=13.4, <14.10.5, >=15.0, <15.0.4, >=15.1, <15.1.1+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-h743-v64g-4f2g: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13↗2022-07-02

▶

OSV

CVE-2022-1963: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13↗2022-07-01

▶

📋Vendor Advisories

GitLab

CVE-2022-1963: An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4,↗2022-07-01

▶

Debian

CVE-2022-1963: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...↗2022

▶