CVE-2022-2244 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 61.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedJul 1

Latest updateJul 2

Description

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab14.8.0 — 14.10.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=14.8, <14.10.5, >=15.0, <15.0.4, >=15.1, <15.1.1+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-4wc6-q22j-fx9w: An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14↗2022-07-02

▶

OSV

CVE-2022-2244: An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14↗2022-07-01

▶

📋Vendor Advisories

GitLab

CVE-2022-2244: An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.↗2022-07-01

▶

Debian

CVE-2022-2244: gitlab - An improper authorization vulnerability in GitLab EE/CE affecting all versions f...↗2022

▶