CVE-2022-3030
Published 2022-10-17
Priority: P4 · 21 · medium · 4.3 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.56% (42.7th percentile)
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | < 15.1.6 | 15.1.6 |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 15.2 < 15.2.4 | 15.2.4 |
| gitlab | gitlab | >= 15.3 < 15.3.2 | 15.3.2 |
| gitlab | gitlab_ce | — | — |
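CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| osv | — | 4.3 | MEDIUM | — |
| cisa | — | 7.5 | HIGH | — |
| vendor_debian | — | 4.3 | MEDIUM | — |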
CISA
TerraMaster OS Remote Command Execution Vulnerability
cisa·2023-02-10·CVSS 7.5
CVE-2022-24990 [HIGH] CWE-306 TerraMaster OS Remote Command Execution Vulnerability
Vulnerability: TerraMaster OS Remote Command Execution Vulnerability
Affected: TerraMaster TerraMaster OS
TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
Required Action: Apply updates per vendor instructions.
Notes: https://forum.terra-master.com/en/viewtopic.php?t=3030; https://nvd.nist.gov/vuln/detail/CVE-2022-24990
Remediation Due Date: 2023-03-03
GitLab
CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions fro
vendor_gitlab·2022-10-17·CVSS 4.3
CVE-2022-3030 [MEDIUM] CWE-284 CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions fro
CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
Debian
CVE-2022-3030: gitlab - An improper access control issue in GitLab CE/EE affecting all versions starting...
vendor_debian·2022·CVSS 4.3
CVE-2022-3030 [MEDIUM] CVE-2022-3030: gitlab - An improper access control issue in GitLab CE/EE affecting all versions starting...
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
OSV
CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15
osv·2022-10-17·CVSS 4.3
CVE-2022-3030 [MEDIUM] CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
GHSA
GHSA-p38j-fpm5-5w57: An improper access control issue in GitLab CE/EE affecting all versions starting before 15
ghsa_unreviewed·2022-10-17
CVE-2022-3030 [MEDIUM] CWE-284 GHSA-p38j-fpm5-5w57: An improper access control issue in GitLab CE/EE affecting all versions starting before 15
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json
https://gitlab.com/gitlab-org/gitlab/-/issues/37959
https://hackerone.com/reports/749882
Published: 2022-10-17