CVE-2022-3060 — Path Traversal in Gitlab

CWE-22 — Path Traversal CWE-74 — Injection5 documents5 sources

Severity

7.3HIGHNVD

EPSS

0.6%

top 30.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Gitlab Gitlab Gitlab CE

Timeline

PublishedOct 17

Description

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:NExploitability: 2.1 | Impact: 5.2

Affected Packages5 packages

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶NVDgitlab/gitlab12.7.0

▶CVEListV5gitlab/gitlab>=12.7, <15.2.5, >=15.3, <15.3.4, >=15.4, <15.4.1+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2022-3060: Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12↗2022-10-17

▶

GHSA

GHSA-g5cm-j62r-w7f5: Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12↗2022-10-17

▶

📋Vendor Advisories

GitLab

CVE-2022-3060: Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to gener↗2022-10-17

▶

Debian

CVE-2022-3060: gitlab - Improper control of a resource identifier in Error Tracking in GitLab CE/EE affe...↗2022

▶