CVE-2022-3325
Published 2022-10-17
Priority: P4 · Severity: medium, 4.3 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.42% (33.9th percentile)
Improper access control in the GitLab CE/EE API, affecting all versions from 12.8 before 15.2.5, all versions from 15.3 before 15.3.4 and all versions from 15.4 before 15.4.1, allowed an unauthorised user to edit approval rules via the API.
Affected
9 ranges (the four remaining gitlab/gitlab entries and the gitlab/gitlab_ce entry carry no version data)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < 15.10.8+ds1-2 (sid) | 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | >= 12.8.0 < 15.2.5 | 15.2.5 |
| gitlab | gitlab | >= 15.3 < 15.3.4 | 15.3.4 |
| gitlab | gitlab | >= 15.4 < 15.4.1 | 15.4.1 |
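The three GitLab ranges above are branch-specific: 15.3.0 is newer than 15.2.5 but still vulnerable, so a naive "is my version at least 15.2.5" check gets the wrong answer. The following is an added example, not code from the page or from GitLab, that evaluates an instance's version against all three ranges. It assumes the real `GET /api/v4/version` endpoint (authenticated with the `PRIVATE-TOKEN` header), whose body carries a `version` string such as `15.2.4-ee`; the sample response embedded below is constructed, not captured from a live instance.

```python
"""Branch-aware check of a GitLab version against the CVE-2022-3325 ranges."""
import json
import re
import urllib.request
from typing import Optional

# (first affected, first fixed) per branch, taken from the advisory. A version
# is affected when first_affected <= version < first_fixed for any one range.
AFFECTED_RANGES = (
    ("12.8.0", "15.2.5"),
    ("15.3.0", "15.3.4"),
    ("15.4.0", "15.4.1"),
)


def parse_version(raw: str) -> tuple:
    """Turn '15.2.4-ee', 'v15.3' or '15.4.1' into a comparable 3-tuple of ints.

    Edition suffixes (-ee, -ce) and anything after the third component are
    ignored so that the comparison is purely numeric.
    """
    m = re.match(r"^\s*v?(\d+(?:\.\d+){0,2})", raw)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {raw!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def first_fix_for(raw: str) -> Optional[str]:
    """Return the fixed release on the same branch, or None if not affected."""
    v = parse_version(raw)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return hi
    return None


def is_affected(raw: str) -> bool:
    return first_fix_for(raw) is not None


def assess(version_json: str) -> dict:
    """Evaluate the JSON body of GET /api/v4/version (must contain 'version')."""
    version = json.loads(version_json)["version"]
    return {
        "version": version,
        "affected": is_affected(version),
        "fix": first_fix_for(version),
    }


def fetch_version_json(base_url: str, token: str) -> str:
    """Live variant: /api/v4/version requires an authenticated token."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


# Constructed sample response for offline use (not from a real instance).
SAMPLE_VERSION_JSON = '{"version":"15.2.4-ee","revision":"0123abcd"}'

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION_JSON))
```

Run `assess(fetch_version_json("https://gitlab.example.org", token))` against your own instance; a result with `"affected": True` names the first release on that branch that closes this CVE. The check only tells you whether the build is in a vulnerable range, not whether any approval rule has already been changed by a user who should not have been able to.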
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| osv | 4.3 | MEDIUM | — |
| vendor_debian | 2.7 | LOW | — |
GitLab
vendor_gitlab · 2022-10-17 · CVSS 2.7 (LOW) · CWE-284
Description as summarised above.
Debian
vendor_debian · 2022 · CVSS 2.7 (LOW)
Description as summarised above.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
OSV
osv · 2022-10-17 · CVSS 4.3 (MEDIUM)
Description as summarised above.
GHSA
GHSA-339r-94ww-rwcq · ghsa_unreviewed · 2022-10-17 · MEDIUM · CWE-284
Description as summarised above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3325.json
https://gitlab.com/gitlab-org/gitlab/-/issues/360819
Published: 2022-10-17