CVE-2022-2630
published 2022-10-17
CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows…
Priority P4 · 21 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.60% (44.5th percentile)
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.2 < 15.2.4 | 15.2.4 |
| gitlab | gitlab | >= 15.3 < 15.3.2 | 15.3.2 |
| gitlab | gitlab_ce | — | — |
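The affected table above gives two half-open ranges (15.2 up to but not including 15.2.4, and 15.3 up to but not including 15.3.2). The following is an added example, not GitLab's or this page's own code, that turns those ranges into a check you can run against the version string your instance reports. The `-ee`/`-ce` suffix handling and the assumption that `GET /api/v4/version` returns a JSON object with a `"version"` key are mine; the sample version strings in the test are constructed.

```python
"""Check whether a GitLab version lies inside the ranges affected by CVE-2022-2630.

Added example (not GitLab's code). Ranges come from the advisory's Affected
table: a version is affected if introduced <= version < fixed.
"""
from __future__ import annotations

import re

# (introduced, fixed) pairs, verbatim from the advisory.
AFFECTED_RANGES: list[tuple[str, str]] = [
    ("15.2", "15.2.4"),
    ("15.3", "15.3.2"),
]


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '15.2.3-ee' or '15.3' into a comparable (major, minor, patch) tuple.

    Edition suffixes such as -ee / -ce (assumed format) are dropped; a missing
    minor or patch component is treated as 0, so '15.2' means 15.2.0.
    """
    core = text.strip().split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+){0,2}", core):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    parts = [int(p) for p in core.split(".")]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def is_affected(version: str, ranges=AFFECTED_RANGES) -> bool:
    """True if `version` falls in any [introduced, fixed) range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def affected_from_api_payload(payload: dict) -> bool:
    """Apply the check to the decoded body of GET /api/v4/version.

    Assumed shape (constructed, based on the instance version endpoint):
    {"version": "15.2.3-ee", "revision": "..."}.
    """
    return is_affected(payload["version"])


if __name__ == "__main__":
    # Constructed sample payload, as a token-authenticated call to
    # /api/v4/version might return it on an unpatched 15.2.x instance.
    sample = {"version": "15.2.3-ee", "revision": "deadbeef"}
    print("affected" if affected_from_api_payload(sample) else "not affected")
```

Note that the check says nothing about versions outside the two listed ranges other than that the advisory does not list them; 15.1.x and 15.4+ are reported as not affected purely because they fall outside the stated intervals.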
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
VulDB
GitLab Community Edition/Enterprise Edition Incident Timeline access control (Issue 36942 / EUVD-2022-34877)
vuldb·2026-05-26·CVSS 4.3
CVE-2022-2630 [MEDIUM] GitLab Community Edition/Enterprise Edition Incident Timeline access control (Issue 36942 / EUVD-2022-34877)
A vulnerability labeled as critical has been found in GitLab Community Edition and Enterprise Edition. This affects an unknown part of the component Incident Timeline Handler. The manipulation results in improper access controls.
This vulnerability was named CVE-2022-2630. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
OSV
CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15
osv·2022-10-17·CVSS 4.3
CVE-2022-2630 [MEDIUM] CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
GHSA
GHSA-wccp-g34r-cx74: An improper access control issue in GitLab CE/EE affecting all versions starting from 15
ghsa_unreviewed·2022-10-17
CVE-2022-2630 [MEDIUM] CWE-284 GHSA-wccp-g34r-cx74: An improper access control issue in GitLab CE/EE affecting all versions starting from 15
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
GitLab
CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows
vendor_gitlab·2022-10-17·CVSS 4.3
CVE-2022-2630 [MEDIUM] CWE-284 CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows
CVE-2022-2630: An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
Debian
CVE-2022-2630: gitlab - An improper access control issue in GitLab CE/EE affecting all versions starting...
vendor_debian·2022·CVSS 4.3
CVE-2022-2630 [MEDIUM] CVE-2022-2630: gitlab - An improper access control issue in GitLab CE/EE affecting all versions starting...
An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2630.json
https://gitlab.com/gitlab-org/gitlab/-/issues/369429
https://hackerone.com/reports/1652853
Published 2022-10-17