CVE-2022-2539: Incorrect Authorization in GitLab

Severity: 5.3 MEDIUM (NVD)
CISA: 7.8
EPSS: 0.2% (top 59.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 5; latest update Aug 6

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. It allowed a project member to filter issues by contact and organization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

NVD | gitlab/gitlab | 14.6.0 | 15.0.5 | +2
debian | debian/gitlab | < gitlab 15.10.8+ds1-2 (sid)
CVEListV5 | gitlab/gitlab | >=14.6, <15.0.5, >=15.1, <15.1.4, >=15.2, <15.2.1 | +2
gitlab | gitlab/gitlab

🔴 Vulnerability Details (2)

GHSA (2022-08-06)
GHSA-238w-mq8v-6c9c: An issue has been discovered in GitLab CE/EE affecting all versions starting from 14
OSV (2022-08-05)
CVE-2022-2539: An issue has been discovered in GitLab CE/EE affecting all versions starting from 14

📋 Vendor Advisories (3)

GitLab (2022-08-05)
CVE-2022-2539: An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1
CISA (2022-03-28)
Microsoft Word Remote Code Execution Vulnerability
Debian (2022)
CVE-2022-2539: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions starting fro...