CVE-2022-3819 — Incorrect Authorization in Gitlab

CWE-863 — Incorrect Authorization6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 71.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedNov 10

Latest updateFeb 12

Description

An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious users to set emojis on internal notes they don't have access to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶NVDgitlab/gitlab15.0.0 — 15.3.5+2

▶debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)

▶CVEListV5gitlab/gitlab>=15.0, <15.3.5, >=15.4, <15.4.4, >=15.5, <15.5.2+2

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2022-3819: An improper authorization issue in GitLab CE/EE affecting all versions from 15↗2022-11-10

▶

GHSA

GHSA-w843-hcjg-c7v5: An improper authorization issue in GitLab CE/EE affecting all versions from 15↗2022-11-10

▶

📋Vendor Advisories

GitLab

CVE-2022-3819: An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allow↗2022-11-10

▶

Debian

CVE-2022-3819: gitlab - An improper authorization issue in GitLab CE/EE affecting all versions from 15.0...↗2022

▶

🕵️Threat Intelligence

Krebs

Microsoft Patch Tuesday, February 2025 Edition↗2025-02-12

▶