CVE-2022-3030 — Improper Access Control in Gitlab

CWE-284 — Improper Access Control CWE-306 — Missing Authentication for Critical Function6 documents6 sources

Severity

4.3MEDIUMNVD

CISA7.5

EPSS

0.3%

top 46.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedOct 17

Latest updateFeb 10

Description

An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab15.2 — 15.2.4+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab<15.1.6, >=15.2, <15.2.4, >=15.3, <15.3.2+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15↗2022-10-17

▶

GHSA

GHSA-p38j-fpm5-5w57: An improper access control issue in GitLab CE/EE affecting all versions starting before 15↗2022-10-17

▶

📋Vendor Advisories

CISA

TerraMaster OS Remote Command Execution Vulnerability↗2023-02-10

▶

GitLab

CVE-2022-3030: An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions fro↗2022-10-17

▶

Debian

CVE-2022-3030: gitlab - An improper access control issue in GitLab CE/EE affecting all versions starting...↗2022

▶