CVE-2022-3285
Published 2022-11-09
CVE-2022-3285: Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an…
Priority P342 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.77% (51.0th percentile)
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.0.0 < 15.2.5 | 15.2.5 |
| gitlab | gitlab | >= 15.3.0 < 15.3.4 | 15.3.4 |
CVSS provenance
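| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 5.3 | MEDIUM | — |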
GHSA
GHSA-gchc-78gm-5379: Bypass of healthcheck endpoint allow list affecting all versions from 12
ghsa_unreviewed·2022-11-10
CVE-2022-3285 [HIGH] GHSA-gchc-78gm-5379: Bypass of healthcheck endpoint allow list affecting all versions from 12
OSV
CVE-2022-3285: Bypass of healthcheck endpoint allow list affecting all versions from 12
osv·2022-11-09·CVSS 7.5
CVE-2022-3285 [HIGH] CVE-2022-3285: Bypass of healthcheck endpoint allow list affecting all versions from 12
GitLab
CVE-2022-3285: Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an u
vendor_gitlab·2022-11-09·CVSS 5.3
CVE-2022-3285 [MEDIUM] CVE-2022-3285: Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an u
CVE-2022-3285: Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab
Debian
CVE-2022-3285: gitlab - Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior...
vendor_debian·2022·CVSS 5.3
CVE-2022-3285 [MEDIUM] CVE-2022-3285: gitlab - Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior...
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-09