CVE-2022-3740
Published: 2023-01-26
Priority: P4 · 27 · medium · 4.9 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.89% (54.9th percentile)
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 12.9.0 < 15.4.6 | 15.4.6 |
| gitlab | gitlab | >= 15.5.0 < 15.5.5 | 15.5.5 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| osv | — | 4.9 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_oracle | — | 6.5 | MEDIUM | — |
GHSA
GHSA-52w5-6rqq-mwq5 · ghsa_unreviewed · 2023-01-26 · MEDIUM · CWE-285
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
OSV
CVE-2022-3740 · osv · 2023-01-26 · CVSS 4.9 · MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
GitLab
CVE-2022-3740 · vendor_gitlab · 2023-01-26 · CVSS 6.5 · MEDIUM · CWE-285
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
Oracle
CVE-2019-3740 · vendor_oracle · 2022-04-15 · CVSS 6.5 · MEDIUM
Oracle Communications Applications Risk Matrix: Installer (RSA BSAFE Crypto-J) vulnerability (this record concerns CVE-2019-3740, a different vulnerability in RSA BSAFE Crypto-J, not CVE-2022-3740)
CVE: CVE-2019-3740
CVSS: 6.5
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2022 (APR 2022)
Debian
CVE-2022-3740 · vendor_debian · 2022 · CVSS 6.5 · MEDIUM · package: gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3740.json
https://gitlab.com/gitlab-org/gitlab/-/issues/368416
https://hackerone.com/reports/1602904