CVE-2022-2630 — Improper Access Control in Gitlab

CWE-284 — Improper Access Control5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 49.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedOct 17

Description

An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab15.2 — 15.2.4+1

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=15.2, <15.2.4, >=15.3, <15.3.2+1

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15↗2022-10-17

▶

GHSA

GHSA-wccp-g34r-cx74: An improper access control issue in GitLab CE/EE affecting all versions starting from 15↗2022-10-17

▶

📋Vendor Advisories

GitLab

CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows↗2022-10-17

▶

Debian

CVE-2022-2630: gitlab - An improper access control issue in GitLab CE/EE affecting all versions starting...↗2022

▶