CVE-2022-4143
Published 2023-06-28
Priority: P4 (28) · Severity: medium · CVSS 3.1 base score 5.3
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.75% (50.5th percentile)
An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows crafted, unapproved merge requests (MRs) to be introduced and merged without authorization. GitLab and GHSA classify it as CWE-367 (time-of-check to time-of-use race), and the NVD vector (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N) rates it as a network-reachable integrity issue that needs low privileges and high attack complexity, with no confidentiality or availability impact. In practice this means an approval rule meant to gate a merge could be bypassed by an authenticated user; the remedy is to upgrade to 15.8.5, 15.9.4 or 15.10.1 (or later) on the respective branch.
Affected
The source feeds list 8 ranges. Five of the GitLab rows carried no version data and are omitted below; the 15.10 branch range is filled in from the advisory text.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < 15.10.8+ds1-2 (sid) | 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | >= 15.7.0 < 15.8.5 | 15.8.5 |
| gitlab | gitlab | >= 15.9.0 < 15.9.4 | 15.9.4 |
| gitlab | gitlab | >= 15.10.0 < 15.10.1 | 15.10.1 |
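To turn the ranges above into a repeatable check, here is an added example (not GitLab's code and not part of the advisory) that parses a GitLab version string and reports whether it falls in an affected range and which release fixes it. The ranges are the ones the advisory text states, including the 15.10 branch. The version-string shape ("15.9.3-ee"), the GET /api/v4/version endpoint and the PRIVATE-TOKEN header are GitLab's real API as I know it; `check_instance` is the only function that touches the network and the sample run does not call it. The sample payloads are constructed.

```python
"""Affected-version check for CVE-2022-4143 (added example; not GitLab's code).

The ranges come from the advisory text on this page. A GitLab instance
reports its version through GET /api/v4/version as {"version": "15.9.3-ee", ...};
the parser below tolerates the "-ee"/"-ce" style suffix and "-pre" builds.
"""
import json
import re
import urllib.request
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, first fixed) per release branch, as stated in the advisory:
# 15.7 before 15.8.5, 15.9 before 15.9.4, 15.10 before 15.10.1.
AFFECTED_RANGES: Tuple[Tuple[Version, Version], ...] = (
    ((15, 7, 0), (15, 8, 5)),
    ((15, 9, 0), (15, 9, 4)),
    ((15, 10, 0), (15, 10, 1)),
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Version:
    """'15.9.3-ee' -> (15, 9, 3). A missing patch component counts as 0."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def affected_range(version: str) -> Optional[Tuple[Version, Version]]:
    """Return the (start, fixed) pair whose half-open interval contains `version`."""
    v = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        if start <= v < fixed:
            return start, fixed
    return None


def is_affected(version: str) -> bool:
    return affected_range(version) is not None


def fixed_version_for(version: str) -> Optional[str]:
    """First patched release on the same branch, or None if not affected."""
    rng = affected_range(version)
    if rng is None:
        return None
    return ".".join(str(n) for n in rng[1])


def assess(version_payload: dict) -> dict:
    """Evaluate a /api/v4/version JSON body (a dict with a 'version' key)."""
    version = version_payload["version"]
    return {
        "version": version,
        "affected": is_affected(version),
        "fixed_in": fixed_version_for(version),
    }


def check_instance(base_url: str, token: str, timeout: float = 10.0) -> dict:
    """Live check: fetch /api/v4/version with a personal access token.

    Network call; the sample run below does not use it. PRIVATE-TOKEN is
    GitLab's header for passing a PAT; the endpoint requires authentication.
    """
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v4/version")
    req.add_header("PRIVATE-TOKEN", token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return assess(json.load(resp))


if __name__ == "__main__":
    # Constructed sample payloads in the shape /api/v4/version returns.
    for sample in ({"version": "15.9.3-ee"}, {"version": "15.8.5"},
                   {"version": "15.10.0-pre"}, {"version": "15.6.8"}):
        print(assess(sample))
```

Note that the first range deliberately spans two minor branches (15.7.x and 15.8.x up to 15.8.4), because the advisory fixes 15.7 users by moving them to 15.8.5; versions before 15.7 are simply outside the stated ranges and the script says nothing about them.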
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_gitlab | — | 6.4 | MEDIUM | — |
| vendor_debian | — | 6.4 | MEDIUM | — |
| vendor_redhat | — | 6.0 | MEDIUM | — (belongs to CVE-2022-30339, the unrelated Red Hat entry below, not to this GitLab issue) |
OSV
osv · 2023-06-28 · CVSS 5.3 MEDIUM · CVE-2022-4143. Same description as above.
GHSA
GHSA-9xhf-gx34-9q2g · ghsa_unreviewed · 2023-06-28 · MEDIUM · CWE-367 · CVE-2022-4143. Same description as above.
GitLab
vendor_gitlab · 2023-06-28 · CVSS 6.4 MEDIUM · CWE-367 · CVE-2022-4143. Same description as above.
Red Hat
vendor_redhat · 2023-02-14 · CVSS 6.0 MEDIUM · CWE-125 · CVE-2022-30339
The entry the Red Hat feed contributes here is not about GitLab. It is CVE-2022-30339, "hw: Intel: Out-of-bounds read in firmware for Integrated Sensor Solution": an out-of-bounds read in Intel(R) Integrated Sensor Solution firmware before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 that may let a privileged user cause a denial of service via local access, with the mitigation "contact the hardware vendor for more updates". Its only connection to this page is the substring 4143 in the fixed-version string 5.0.0.4143. Red Hat lists kernel (RHEL 6, 7 and 8) and kernel-rt (RHEL 7) as Not affected for that CVE; the package list is cut off on the page after that. Treat the 6.0 score and this entry as noise when assessing CVE-2022-4143.
Debian
vendor_debian · 2022 · CVSS 6.4 MEDIUM · CVE-2022-4143 (gitlab). Same description as above.
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4143.json
https://gitlab.com/gitlab-org/gitlab/-/issues/383776
https://hackerone.com/reports/1767639